Log analysis and evaluation: Windows 7: Websites are redirected to Russian advertising.

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.04.2015, 13:38 | #1 |
Windows 7: Websites are redirected to Russian advertising.

Hello, for a few days now I have had the problem that when I surf the Internet, on some pages that contain nothing special, Russian advertising suddenly appears at the top edge of the browser; it then shows e.g. r.proxyloads.ru when I move the mouse over the advertisement. Sometimes a Russian online shop also opens when I click on links or simply click on an empty area of the web page. (I could not find the Avast log files, so I have attached a picture of the container and hope this is okay.)

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Agando (administrator) on AGANDO-PC on 01-04-2015 12:54:31 Running from C:\Users\Agando\Downloads Loaded Profiles: Agando (Available profiles: Agando) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe () C:\Program Files (x86)\GameforgeLive\gfl_client.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-22] (Avast Software s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:64861;https=127.0.0.1:64861 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://terra.im/ HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://terra.im/ HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://terra.im/ SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3527986853-237272119-1680365976-1000 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-22] (Avast Software s.r.o.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-22] (Avast Software s.r.o.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 FireFox: ======== FF ProfilePath: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default FF Homepage: hxxp://terra.im/ FF DefaultSearchEngine: terra.im FF SelectedSearchEngine: terra.im FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web 
Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\searchplugins\defaultsearch.xml [2015-02-01] FF Extension: Avira Browser Safety - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\Extensions\abs@avira.com [2014-10-21] FF Extension: Amazon-Icon - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\Extensions\amazon-icon@giga.de [2014-10-29] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-22] Chrome: ======= CHR HomePage: Default -> https://www.google.de/ CHR StartupUrls: Default -> "https://www.google.de/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-31] CHR Extension: (Google Docs) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-31] CHR Extension: (Google Drive) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-31] CHR Extension: (YouTube) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-31] CHR Extension: (Google Search) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-31] CHR Extension: (Google Sheets) - 
C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-31] CHR Extension: (Avast Online Security) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04] CHR Extension: (Skype Click to Call) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-31] CHR Extension: (Google Wallet) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-31] CHR Extension: (WallPepper ВКонтакте) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pepjgkdpkihjnbdaggonbpphlfkbhdli [2015-02-01] CHR Extension: (Gmail) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-31] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-22] (Avast Software s.r.o.) R2 avast! 
Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-03-22] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-22] (Avast Software) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-20] (Electronic Arts) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-22] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-03-22] (Avast Software s.r.o.) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-22] (Avast Software s.r.o.) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-03-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-22] (Avast Software s.r.o.) 
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-22] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-22] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-22] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-22] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 scramby; C:\Windows\System32\drivers\scramby.sys [29480 2007-02-13] (RapidSolution Software AG) S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [34336 2007-08-08] (RapidSolution Software AG) R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-22] (Avast Software) S3 wolfkr; C:\Windows\system32\wolfk64.sys [86352 2014-12-20] () S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-01 12:54 - 2015-04-01 12:54 - 00018426 _____ () C:\Users\Agando\Downloads\FRST.txt 2015-04-01 12:53 - 2015-04-01 12:54 - 00000000 ____D () C:\FRST 2015-04-01 12:53 - 2015-04-01 12:53 - 02095616 _____ (Farbar) C:\Users\Agando\Downloads\FRST64.exe 2015-04-01 12:52 - 2015-04-01 12:52 - 00000000 _____ () C:\Users\Agando\defogger_reenable 2015-04-01 12:48 - 2015-04-01 12:48 - 00050477 _____ () C:\Users\Agando\Downloads\Defogger (1).exe 2015-04-01 12:45 - 2015-04-01 12:52 - 00000474 _____ () C:\Users\Agando\Downloads\defogger_disable.log 2015-04-01 12:45 - 2015-04-01 12:48 - 00000246 _____ () C:\Users\Agando\Downloads\defogger_enable.log 2015-04-01 12:44 - 2015-04-01 12:44 - 00050477 _____ () C:\Users\Agando\Downloads\Defogger.exe 2015-04-01 12:25 - 2015-04-01 12:25 - 00089546 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel 2015-03-31 14:54 - 2015-03-31 14:54 - 00000000 ____D () C:\Users\Agando\Downloads\Gameforge Live 2015-03-30 18:36 - 2015-03-30 18:36 - 00000000 ____D () C:\ProgramData\<a href="hxxp://cityadspix.com/tsclick-MIQCWPUV-GECAQBFF?url=http%3A%2F%2Fwww.sotmarket.ru%2Fproduct%2Fdzhojstik_microsoft_xbox_360_controller_s9f-00002.html&sa=mh&sa1=&sa2=&sa3=&sa4=&sa5=&bt=20&pt=9<=2&tl=3&im=ODI1LTAtMTQyNzg5MTk3NS0xOTk1NTE2OQ%3D%3D&fid=NDQ1NzU2Nzc1&prdct=34043c0f3d0d&kw=Microsoft%5CWindows" target="_blank" alt="Microsoft Xbox 360 Controller for Windows" title="Microsoft Xbox 360 Controller for Windows" style="">Microsoft\Windows</a>\Start Menu\Programs\Diablo II 2015-03-30 18:30 - 2015-03-31 23:05 - 00000000 ____D () C:\Diablo II 2015-03-30 18:03 - 2015-03-30 18:17 - 00000000 ____D () C:\Users\Agando\D2LOD-1.12A-deDE 2015-03-30 18:01 - 2015-03-30 18:20 - 00000000 ____D () C:\Users\Agando\D2-1.12A-enGB 2015-03-25 16:50 - 2015-03-25 16:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-03-25 10:42 - 2015-03-25 10:42 - 00000000 ____D () C:\Users\Agando\AppData\Local\Avg2014 2015-03-24 19:46 - 2015-03-24 19:46 - 00000000 ____D () 
C:\Users\Agando\Documents\Abelssoft 2015-03-24 08:41 - 2015-03-24 08:41 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\TuneUp Software 2015-03-24 08:41 - 2015-03-24 08:41 - 00000000 ____D () C:\Users\Agando\AppData\Local\TuneUp Software 2015-03-24 08:38 - 2015-03-25 16:48 - 00000000 ____D () C:\Program Files\Image-Line 2015-03-24 08:38 - 2015-03-24 11:05 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Users\Agando\Documents\Image-Line 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\OpenCandy 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\Common Files\VST2 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files (x86)\VstPlugins 2015-03-24 08:37 - 2015-03-25 16:48 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\<a href="hxxp://cityadspix.com/tsclick-MIQCWPUV-GECAQBFF?url=http%3A%2F%2Fwww.sotmarket.ru%2Fproduct%2Fdzhojstik_microsoft_xbox_360_controller_s9f-00002.html&sa=mh&sa1=&sa2=&sa3=&sa4=&sa5=&bt=20&pt=9<=2&tl=3&sa=mh&sa1=&sa2=&sa3=&sa4=&sa5=&im=ODI1LTAtMTQyNzg5MTk3NS0xMzM3NzY0Mg%3D%3D&fid=NDQ1NzU2Nzc1&prdct=34043c0f3d0d&kw=Microsoft%5CWindows" target="_blank" alt="Microsoft Xbox 360 Controller for Windows" title="Microsoft Xbox 360 Controller for Windows" style="">Microsoft\Windows</a>\Start Menu\Programs\Image-Line 2015-03-24 08:37 - 2015-03-24 08:37 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics 2015-03-24 08:31 - 2015-03-24 08:37 - 00000000 ____D () C:\Program Files (x86)\Image-Line 2015-03-23 16:06 - 2015-03-29 19:15 - 00000000 ____D () C:\Temp 2015-03-22 18:59 - 2015-03-22 18:59 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\AVAST Software 2015-03-22 18:56 - 2015-03-22 18:56 - 
00001982 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk 2015-03-22 18:56 - 2015-03-22 18:56 - 00001922 _____ () C:\Users\Public\Desktop\Avast Premier.lnk 2015-03-22 18:56 - 2015-03-22 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-03-22 18:54 - 2015-03-24 07:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-03-22 18:54 - 2015-03-22 18:54 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-03-22 18:54 - 2015-03-22 18:54 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-03-22 18:54 - 2015-03-22 18:53 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-03-22 18:54 - 2015-03-22 18:53 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys 2015-03-22 18:53 - 2015-03-22 18:53 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys 2015-03-22 18:53 - 2015-03-22 18:53 - 00043112 _____ (Avast Software s.r.o.) 
C:\Windows\avastSS.scr 2015-03-22 18:52 - 2015-03-22 18:52 - 00000000 ____D () C:\Program Files\AVAST Software 2015-03-22 18:32 - 2015-03-30 21:08 - 00094108 _____ () C:\Windows\PFRO.log 2015-03-22 09:05 - 2015-03-22 09:05 - 00000000 ____D () C:\ProgramData\<a href="hxxp://cityadspix.com/tsclick-MIQCWPUV-GECAQBFF?url=http%3A%2F%2Fwww.sotmarket.ru%2Fproduct%2Fjoistik-microsoft-xbox-360-wireless-controller-for-windows.html&sa=mh&sa1=&sa2=&sa3=&sa4=&sa5=&bt=20&pt=9<=2&tl=3&im=ODI1LTAtMTQyNzg5MTk3NS0xMDY3Mzc5MA%3D%3D&fid=NDQ1NzU2Nzc1&prdct=3a0d3f083104&kw=Microsoft%5CWindows" target="_blank" alt="Microsoft Xbox 360 Wireless Controller for Windows" title="Microsoft Xbox 360 Wireless Controller for Windows" style="">Microsoft\Windows</a>\Start Menu\Programs\Metin2 2015-03-22 08:57 - 2015-03-22 08:57 - 00001067 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk 2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\Users\Agando\AppData\Local\Gameforge4d 2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live 2015-03-22 08:49 - 2015-03-22 08:49 - 00000000 ____D () C:\Users\Agando\Documents\telltale games 2015-03-22 08:49 - 2015-03-22 08:49 - 00000000 ____D () C:\Users\Agando\Documents\my games 2015-03-21 19:45 - 2015-03-21 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-21 11:49 - 2015-03-30 21:44 - 00001335 _____ () C:\Windows\setupact.log 2015-03-21 11:49 - 2015-03-21 11:49 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-21 11:38 - 2015-03-21 11:44 - 00000000 ____D () C:\AdwCleaner 2015-03-21 08:08 - 2015-03-25 17:03 - 00000000 ____D () C:\Users\Agando\AppData\Local\FreeSystemUtilities 2015-03-20 18:17 - 2015-03-20 18:17 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-03-20 18:16 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-03-20 18:13 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvoglv64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-03-20 18:13 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-03-20 
18:13 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-03-14 20:35 - 2015-03-14 22:00 - 00000000 ____D () C:\Users\Agando\AppData\Local\PAYDAY 2 2015-03-11 10:48 - 2015-03-11 10:48 - 00000000 __RHD () C:\MSOCache 2015-03-10 18:22 - 2015-03-10 18:22 - 00000000 _____ () C:\Windows\SysWOW64\sho4835.tmp 2015-03-03 13:52 - 2015-03-03 13:52 - 00000000 ____D () C:\Windows\SysWOW64\䙔䵁 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-01 12:52 - 2014-10-20 12:51 - 00000000 ____D () C:\Users\Agando 2015-04-01 12:39 - 2014-10-21 22:13 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\TS3Client 2015-04-01 12:33 - 2014-12-15 02:00 - 00000000 ____D () C:\Users\Agando\Desktop\Ordner 2015-04-01 12:25 - 2014-11-08 06:29 - 00000000 ____D () C:\Users\Agando\.gimp-2.8 2015-04-01 12:21 - 2014-12-31 11:11 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-01 07:22 - 2014-10-20 12:45 - 01406622 _____ () C:\Windows\WindowsUpdate.log 2015-03-31 18:21 - 2014-12-31 11:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-31 14:53 - 2014-11-09 04:13 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Audacity 2015-03-30 21:15 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-30 21:15 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-30 21:14 - 2011-04-12 09:43 - 00699542 _____ () C:\Windows\system32\perfh007.dat 2015-03-30 21:14 - 2011-04-12 09:43 - 00149424 _____ () C:\Windows\system32\perfc007.dat 2015-03-30 21:14 - 2009-07-14 07:13 - 01620888 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-30 21:08 - 2014-10-20 13:10 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-30 21:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-30 18:32 - 2014-10-25 02:12 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-28 22:08 - 2014-10-21 15:08 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-28 05:44 - 2014-10-20 13:10 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-03-28 05:44 - 2014-10-20 13:10 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-03-28 05:43 - 2014-10-20 13:10 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-03-28 05:43 - 2014-10-20 13:10 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-03-25 23:14 - 2014-11-08 06:42 - 00000000 ____D () C:\Users\Agando\AppData\Local\gtk-2.0 2015-03-25 17:08 - 2014-12-13 22:29 - 00000000 ____D () C:\Users\Agando\AppData\Local\Akamai 2015-03-25 17:03 - 2015-01-02 21:39 - 00000000 ____D () C:\ProgramData\FreeSystemUtilities 2015-03-25 15:02 - 2014-11-13 23:03 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Skype 2015-03-24 19:45 - 2014-11-02 01:06 - 00000000 ____D () C:\Users\Agando\AppData\Local\Abelssoft 2015-03-24 15:29 - 2014-10-20 12:51 - 00000000 ____D () C:\Users\Agando\AppData\Local\VirtualStore 2015-03-23 17:26 - 2015-02-14 14:06 - 00000000 ____D () C:\Program Files (x86)\phase5 2015-03-23 08:05 - 2014-11-08 05:52 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\OBS 2015-03-23 03:23 - 2015-02-01 05:36 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\newSI_620 2015-03-22 19:12 - 2014-11-13 23:03 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-03-22 19:12 - 2014-11-13 23:03 - 00000000 ____D () C:\ProgramData\Skype 2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\Program Files\WinRAR 2015-03-22 18:51 - 2015-01-01 15:02 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-03-22 18:32 - 2014-10-21 14:32 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-03-22 18:30 - 2014-10-21 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-22 18:30 - 2014-10-21 14:32 - 00000000 ____D () C:\ProgramData\Avira 2015-03-22 08:57 - 2014-12-27 23:54 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2015-03-21 11:44 - 2014-10-20 12:51 - 00000997 _____ () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-21 09:05 - 2014-11-08 05:02 - 00000000 ____D () C:\Users\Agando\AppData\Local\Windows Live 2015-03-21 08:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 08:24 - 2014-10-21 15:19 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2015-03-21 08:13 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2015-03-21 07:38 - 2014-10-30 15:11 - 00000000 ____D () C:\Fraps 2015-03-21 06:55 - 2014-12-28 07:15 - 00000000 ____D () C:\Users\Agando\Documents\Text 2015-03-21 06:44 - 2014-11-02 01:06 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater 2015-03-20 19:53 - 2014-11-08 05:51 - 00000000 ____D () C:\Program Files (x86)\OBS 2015-03-20 18:17 - 2014-10-20 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-03-20 18:17 - 2014-10-20 13:09 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-03-20 18:14 - 2014-10-20 13:07 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-19 10:32 - 2014-11-08 15:49 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\SoftGrid Client 2015-03-13 21:41 - 2015-01-01 15:12 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-03-13 21:41 - 2014-10-21 14:22 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-03-13 21:41 - 2014-10-21 14:22 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-03-13 21:41 - 2014-10-21 14:22 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-03-13 21:41 - 2014-10-20 13:09 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-03-13 21:41 - 2014-10-20 13:09 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-03-13 21:41 - 2014-10-20 13:08 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-03-13 21:41 - 2014-10-20 13:08 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-03-13 21:41 - 2014-10-20 13:08 - 00027441 _____ () C:\Windows\system32\nvinfo.pb 2015-03-13 18:16 - 2014-10-20 13:09 - 06861968 _____ (NVIDIA
Corporation) C:\Windows\system32\nvcpl.dll 2015-03-13 18:16 - 2014-10-20 13:09 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-03-13 18:16 - 2014-10-20 13:09 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-03-13 18:16 - 2014-10-20 13:09 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-03-13 18:16 - 2014-10-20 13:09 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-03-13 18:16 - 2014-10-20 13:09 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-03-11 15:10 - 2014-10-20 13:09 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin ==================== Files in the root of some directories ======= 2015-04-01 12:25 - 2015-04-01 12:25 - 0089546 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel Some content of TEMP: ==================== C:\Users\Agando\AppData\Local\Temp\avgnt.exe C:\Users\Agando\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Agando\AppData\Local\Temp\nvStInst.exe C:\Users\Agando\AppData\Local\Temp\Quarantine.exe C:\Users\Agando\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 02:13 ==================== End Of Log ============================ --- --- --- --- --- --- Addition: FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Agando at 2015-04-01 12:55:11 Running from C:\Users\Agando\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Stock Photos 1.0 (HKLM-x32\...\{786C5747-1437-443D-B06E-79A00FE45110}) (Version: 1.0.2 - Adobe Systems) ATI Catalyst Install Manager (HKLM\...\{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}) (Version: 3.0.754.0 - ATI Technologies, Inc.) ATI Catalyst Registration (x32 Version: 2.01.0000 - ATI Technologies Inc.) Hidden Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Avast Premier (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software) Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. 
KG) Hidden Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.32.1010 - Electronic Arts Inc.) FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line) FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - ) foobar2000 v1.3.7 beta 1 (HKLM-x32\...\foobar2000) (Version: 1.3.7 beta 1 - Peter Pawlowski) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Free SystemUtilities (x32 Version: 1.1.0.0 - Covus Freemium GmbH) Hidden Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA 
Corporation) NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.) Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.) 
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version: - Telltale Games) VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software) Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 18-03-2015 01:08:59 Geplanter Prüfpunkt 21-03-2015 08:11:07 Removed BlueStacks Notification Center 22-03-2015 12:44:23 Free System Utilities 22-03-2015 18:52:13 avast! 
antivirus system restore point 22-03-2015 18:55:16 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst 25-03-2015 06:50:37 Windows Update 25-03-2015 16:55:03 Revo Uninstaller's restore point - Akamai NetSession Interface 25-03-2015 16:57:59 Revo Uninstaller's restore point - Akamai NetSession Interface 25-03-2015 17:00:23 Revo Uninstaller's restore point - Free System Utilities 25-03-2015 17:04:57 Revo Uninstaller's restore point - K-Lite Codec Pack 6.0.4 (Basic) 25-03-2015 17:06:08 Revo Uninstaller's restore point - Free System Utilities 25-03-2015 17:06:58 Revo Uninstaller's restore point - Need For Speed™ World 25-03-2015 17:08:05 Revo Uninstaller's restore point - Akamai NetSession Interface 25-03-2015 17:10:27 Revo Uninstaller's restore point - TuneUp Utilities 2014 30-03-2015 05:00:42 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {1B11B9F7-1207-4DB3-82A3-EE1F3C2C1154} - System32\Tasks\{15D5DB9C-F9C3-4581-AF5C-CE0CB9142560} => pcalua.exe -a "C:\Users\Agando\AppData\Local\Temp\Temp1_PPRO_2.0_Ret-NH_D.zip\Premiere Pro 2.0\Deutsch\Software van andere bedrijven\2d3 SteadyMove\setup.exe" Task: {1E1CA1E0-E1AA-40CF-AAA9-781322D26116} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.) Task: {202414D0-50C4-4E99-9480-A118400E1A7C} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe Task: {762A6EA6-9B8B-4FD4-8D00-607A2B8060CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {7ACBC82B-81B9-416C-91A3-A396F54D5881} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-22] (Avast Software s.r.o.) Task: {873E9D1F-88A6-4439-966D-50C6D557E0A5} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe Task: {9C49C43C-B4DD-4835-A92C-55864A558B2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.) 
Task: {A61BBF30-B2CB-4638-86C5-A07C9794D87C} - System32\Tasks\{FA44342A-23DC-459A-9B56-CF34E24ECB95} => pcalua.exe -a C:\Users\Agando\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs2 <==== ATTENTION Task: {E5D7B07E-F417-4B94-AACE-7D4ADCB4EB76} - System32\Tasks\{EB21F9EE-528A-47B0-B46A-EF0E6D1BEE06} => pcalua.exe -a C:\Users\Agando\Downloads\Arena106.exe -d C:\Users\Agando\Downloads Task: {E8A8C3E7-1958-490D-A2B4-B4A420A7F1E6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-10-20 13:09 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2015-03-22 08:57 - 2015-02-13 13:05 - 03037736 _____ () C:\Program Files (x86)\GameforgeLive\gfl_client.exe 2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll 2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll 2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll 2014-08-04 15:43 - 2014-08-04 15:43 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll 2014-08-04 15:43 - 2014-08-04 15:43 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll 2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll 2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll 2014-08-04 15:46 - 
2014-08-04 15:46 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2014-08-04 15:46 - 2014-08-04 15:46 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll 2015-03-22 18:53 - 2015-03-22 18:53 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-03-22 18:53 - 2015-03-22 18:53 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-03-30 09:57 - 2015-03-30 09:57 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15033000\algo.dll 2015-03-30 21:09 - 2015-03-30 21:09 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\15033001\algo.dll 2015-04-01 10:14 - 2015-04-01 10:14 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\15040100\algo.dll 2015-03-22 18:53 - 2015-03-22 18:53 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-03-22 18:53 - 2015-03-22 18:53 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll 2015-03-22 18:53 - 2015-03-22 18:53 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll 2015-03-30 21:44 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-03-22 08:57 - 2014-02-13 14:32 - 00088064 _____ () C:\Program Files (x86)\GameforgeLive\libgcc_s_sjlj-1.dll 2015-03-22 08:57 - 2014-02-13 14:32 - 00863744 _____ () C:\Program Files (x86)\GameforgeLive\libstdc++-6.dll 2015-03-22 08:57 - 2014-02-13 14:33 - 01765301 _____ () C:\Program Files (x86)\GameforgeLive\libgcrypt-11.dll 2015-03-22 08:57 - 2014-02-13 14:33 - 00126959 _____ () C:\Program Files (x86)\GameforgeLive\libgpg-error-0.dll 2015-03-22 08:57 - 2014-02-14 14:55 - 00530432 _____ () C:\Program Files (x86)\GameforgeLive\log4qt.dll 2015-03-22 08:57 - 2015-02-10 13:13 - 00141312 _____ () C:\Program Files 
(x86)\GameforgeLive\qjson.dll 2015-03-22 08:57 - 2014-02-14 15:19 - 05686669 _____ () C:\Program Files (x86)\GameforgeLive\libtorrent.dll 2015-03-22 08:57 - 2014-02-14 13:32 - 00097659 _____ () C:\Program Files (x86)\GameforgeLive\libboost_system-mgw47-mt-1_53.dll 2015-03-20 03:24 - 2015-03-14 12:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll 2015-03-20 03:24 - 2015-03-14 12:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll 2015-03-20 03:24 - 2015-03-14 12:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll 2015-03-20 03:24 - 2015-03-14 12:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData:NT2 AlternateDataStreams: C:\Users\All Users:NT2 AlternateDataStreams: C:\Users\Agando\Anwendungsdaten:NT AlternateDataStreams: C:\Users\Agando\Anwendungsdaten:NT2 AlternateDataStreams: C:\Users\Agando\AppData\Roaming:NT AlternateDataStreams: C:\Users\Agando\AppData\Roaming:NT2 AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2 AlternateDataStreams: C:\ProgramData\Application Data:NT2 AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.192.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3527986853-237272119-1680365976-500 - Administrator - Disabled) Agando (S-1-5-21-3527986853-237272119-1680365976-1000 - Administrator - Enabled) => C:\Users\Agando Gast (S-1-5-21-3527986853-237272119-1680365976-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3527986853-237272119-1680365976-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/30/2015 09:09:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/30/2015 05:00:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service TuneUp Utilities Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error: (03/30/2015 05:00:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary TuneUpUtilitiesDrv. System Error: Das System kann die angegebene Datei nicht finden. . Error: (03/28/2015 02:32:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm metin2launch.exe, Version 1.0.3400.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 4624 Startzeit: 01d0694fe77aac0f Endzeit: 6 Anwendungspfad: C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe Berichts-ID: 6df55a0f-d546-11e4-aff6-b8975a8e4212 Error: (03/26/2015 01:40:55 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Volume "(C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Es wurde versucht, eine Datei mit einem falschen Format zu laden. 
(0x8007000B) Error: (03/25/2015 05:11:43 PM) (Source: MsiInstaller) (EventID: 11704) (User: Agando-PC) Description: Produkt: TuneUp Utilities 2014 (de-DE) -- Fehler 1704. Eine Installation von TuneUp Utilities 2014 wurde unterbrochen. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, bevor Sie den Vorgang fortsetzen können. Möchten Sie diese Änderungen rückgängig machen? Error: (03/25/2015 09:04:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/24/2015 07:19:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/23/2015 04:09:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm metin2launch.exe, Version 1.0.3400.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2038 Startzeit: 01d06572bd0a40f4 Endzeit: 18 Anwendungspfad: C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe Berichts-ID: 26175037-d166-11e4-adfa-b8975a8e4212 Error: (03/23/2015 05:27:57 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm metin2launch.exe, Version 1.0.3400.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 5b4 Startzeit: 01d065192037b28c Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe Berichts-ID: 97a6e9d9-d10c-11e4-adfa-b8975a8e4212 System errors: ============= Error: (03/25/2015 09:04:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht. Error: (03/25/2015 09:03:19 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 25.03.2015 um 07:59:56 unerwartet heruntergefahren. Error: (03/22/2015 07:01:59 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} Error: (03/21/2015 11:46:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/21/2015 11:46:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Druckwarteschlange erreicht. Error: (03/21/2015 11:46:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht. Error: (03/21/2015 11:46:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/21/2015 11:46:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Application Virtualization Service Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (03/21/2015 11:46:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/21/2015 11:46:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (03/30/2015 09:09:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/30/2015 05:00:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service TuneUp Utilities Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. Error: (03/30/2015 05:00:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary TuneUpUtilitiesDrv. System Error: Das System kann die angegebene Datei nicht finden. Error: (03/28/2015 02:32:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: metin2launch.exe1.0.3400.0462401d0694fe77aac0f6C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe6df55a0f-d546-11e4-aff6-b8975a8e4212 Error: (03/26/2015 01:40:55 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: (C:)Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B) Error: (03/25/2015 05:11:43 PM) (Source: MsiInstaller) (EventID: 11704) (User: Agando-PC) Description: Produkt: TuneUp Utilities 2014 (de-DE) -- Fehler 1704. 
Eine Installation von TuneUp Utilities 2014 wurde unterbrochen. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, bevor Sie den Vorgang fortsetzen können. Möchten Sie diese Änderungen rückgängig machen?(NULL)(NULL)(NULL)(NULL)(NULL) Error: (03/25/2015 09:04:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/24/2015 07:19:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/23/2015 04:09:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: metin2launch.exe1.0.3400.0203801d06572bd0a40f418C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe26175037-d166-11e4-adfa-b8975a8e4212 Error: (03/23/2015 05:27:57 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: metin2launch.exe1.0.3400.05b401d065192037b28c3C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe97a6e9d9-d10c-11e4-adfa-b8975a8e4212 ==================== Memory info =========================== Processor: AMD FX(tm)-4300 Quad-Core Processor Percentage of memory in use: 60% Total physical RAM: 4078.29 MB Available physical RAM: 1595.91 MB Total Pagefile: 8154.76 MB Available Pagefile: 5137.82 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.42 GB) (Free:237 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4E6C5C6A) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.4 GB) - 
(Type=07 NTFS)
==================== End Of Log ============================
Gmer:
GMER Logfile:
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-04-01 13:40:04 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AAKX-22ERMA0 rev.17.01H17 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Agando\AppData\Local\Temp\pxdiqpog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fb5000 63 bytes [43, 4D, 33, 31, 05, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80002fb5040 1 byte [01] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1408] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000765b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4876] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000765b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] 
.text C:\Program Files\AVAST Software\Avast\avastui.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5228] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000765b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76] .text ... 
* 2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3520] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2ab1 5 bytes JMP 0000000100112ac0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76] .text ... * 2 .text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76] .text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76] .text ... * 2 .text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip7address5to_v4Ev + 102 0000000067bcf926 4 bytes [48, FD, CD, 6F] .text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip7address5to_v6Ev + 110 0000000067bcfdfe 4 bytes [48, FD, CD, 6F] .text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip10address_v65to_v4Ev + 86 0000000067bd0366 4 bytes [48, FD, CD, 6F] .text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip6detail8endpoint9to_stringERNS_6system10error_codeE + 537 0000000067bd0e79 4 bytes [8C, F9, CD, 6F] .text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip6detail8endpoint9to_stringERNS_6system10error_codeE + 555 0000000067bd0e8b 4 bytes [A0, F9, CD, 6F] .text ... 
* 6
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent10lazy_entry11dict_appendEPKc + 91 0000000067bec9ab 4 bytes [FC, B9, CD, 6F]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent10lazy_entry11dict_appendEPKc + 213 0000000067beca25 4 bytes [FC, B9, CD, 6F]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent10lazy_entry11list_appendEv + 84 0000000067becb94 4 bytes [FC, B9, CD, 6F]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent10lazy_entry11list_appendEv + 207 0000000067becc0f 4 bytes [FC, B9, CD, 6F]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent9file_pool9open_fileEPvRKSsN9__gnu_cxx17__normal_iteratorIPKNS_19internal_file_entryESt6vectorIS6_SaIS6_EEEERKNS_12file_storageEiRN5boost6system10error_codeE + 762 0000000067d078fa 4 bytes [FC, B9, CD, 6F]
---- EOF - GMER 2.1 ----
defogger disable :
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:52 on 01/04/2015 (Agando)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Edited by Caladrius (01.04.2015 at 13:43) |
01.04.2015, 13:47 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: Websites are redirected to Russian advertising. hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
01.04.2015, 15:15 | #3 |
| Windows 7: Websites are redirected to Russian advertising. Unfortunately the TDSSKiller log was too long, so I attached it as a zip.
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version: main: v2015.04.01.07 rootkit: v2015.03.31.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
Agando :: AGANDO-PC [administrator]
01.04.2015 14:54:11
mbar-log-2015-04-01 (14-54-11).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 346384
Time elapsed: 10 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end) |
01.04.2015, 20:37 | #4 |
/// the machine /// TB-Ausbilder | Windows 7: Websites are redirected to Russian advertising. Hi, please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
02.04.2015, 23:17 | #5 |
| Windows 7: Websites are redirected to Russian advertising.
Code:
15:17:05.0984 0x1594 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
15:17:23.0032 0x1594 ============================================================
15:17:23.0032 0x1594 Current date / time: 2015/04/01 15:17:23.0032
15:17:23.0032 0x1594 SystemInfo:
15:17:23.0032 0x1594
15:17:23.0032 0x1594 OS Version: 6.1.7601 ServicePack: 1.0
15:17:23.0032 0x1594 Product type: Workstation
15:17:23.0032 0x1594 ComputerName: AGANDO-PC
15:17:23.0033 0x1594 UserName: Agando
15:17:23.0033 0x1594 Windows directory: C:\Windows
15:17:23.0033 0x1594 System windows directory: C:\Windows
15:17:23.0033 0x1594 Running under WOW64
15:17:23.0033 0x1594 Processor architecture: Intel x64
15:17:23.0033 0x1594 Number of processors: 4
15:17:23.0033 0x1594 Page size: 0x1000
15:17:23.0033 0x1594 Boot type: Normal boot
15:17:23.0033 0x1594 ============================================================
15:17:24.0609 0x1594 KLMD registered as C:\Windows\system32\drivers\27876267.sys
15:17:24.0874 0x1594 System UUID: {DF342AF6-746D-13C3-8D36-AAC5340CA0B8}
15:17:25.0394 0x1594 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:17:25.0399 0x1594 ============================================================
15:17:25.0399 0x1594 \Device\Harddisk0\DR0:
15:17:25.0399 0x1594 MBR partitions:
15:17:25.0399 0x1594 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
15:17:25.0399 0x1594 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x3A2D6000
15:17:25.0399 0x1594 ============================================================
15:17:25.0431 0x1594 C: <-> \Device\Harddisk0\DR0\Partition2
15:17:25.0431 0x1594 ============================================================
15:17:25.0431 0x1594 Initialize success
15:17:25.0431 0x1594 ============================================================
15:17:49.0294 0x1580
============================================================
15:17:49.0294 0x1580 Scan started
15:17:49.0294 0x1580 Mode: Manual;
15:17:49.0294 0x1580 ============================================================
15:17:49.0294 0x1580 KSN ping started
15:17:50.0470 0x1580 KSN ping finished: true
15:17:51.0271 0x1580 ================ Scan system memory ========================
15:17:51.0271 0x1580 System memory - ok
15:17:51.0272 0x1580 ================ Scan services =============================
15:17:55.0278 0x1580 ebdrv - ok 15:17:55.0308 0x1580 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe 15:17:55.0310 0x1580 EFS - ok 15:17:55.0376 0x1580 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:17:55.0402 0x1580 ehRecvr - ok 15:17:55.0445 0x1580 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 15:17:55.0448 0x1580 ehSched - ok 15:17:55.0489 0x1580 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:17:55.0504 0x1580 elxstor - ok 15:17:55.0520 0x1580 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:17:55.0521 0x1580 ErrDev - ok 15:17:55.0559 0x1580 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 15:17:55.0569 0x1580 EventSystem - ok 15:17:55.0583 0x1580 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 15:17:55.0587 0x1580 exfat - ok 15:17:55.0654 0x1580 FairplayKD - ok 15:17:55.0674 0x1580 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:17:55.0679 0x1580 fastfat - ok 15:17:55.0716 0x1580 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 15:17:55.0741 0x1580 Fax - ok 15:17:55.0758 0x1580 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc 
C:\Windows\system32\drivers\fdc.sys 15:17:55.0760 0x1580 fdc - ok 15:17:55.0769 0x1580 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 15:17:55.0770 0x1580 fdPHost - ok 15:17:55.0783 0x1580 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 15:17:55.0785 0x1580 FDResPub - ok 15:17:55.0797 0x1580 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:17:55.0800 0x1580 FileInfo - ok 15:17:55.0812 0x1580 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:17:55.0814 0x1580 Filetrace - ok 15:17:55.0830 0x1580 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 15:17:55.0831 0x1580 flpydisk - ok 15:17:55.0870 0x1580 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:17:55.0877 0x1580 FltMgr - ok 15:17:55.0934 0x1580 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 15:17:55.0969 0x1580 FontCache - ok 15:17:56.0005 0x1580 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:17:56.0007 0x1580 FontCache3.0.0.0 - ok 15:17:56.0021 0x1580 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:17:56.0023 0x1580 FsDepends - ok 15:17:56.0040 0x1580 [ 
6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:17:56.0041 0x1580 Fs_Rec - ok 15:17:56.0069 0x1580 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:17:56.0074 0x1580 fvevol - ok 15:17:56.0109 0x1580 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:17:56.0111 0x1580 gagp30kx - ok 15:17:56.0234 0x1580 [ EBF714703106C1D5BC3E7B4C389A5828, D09472BCF71B58CF8F463131AD778F4D2E189047EE6B9AF088BCDE7B25398682 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe 15:17:56.0254 0x1580 GfExperienceService - ok 15:17:56.0350 0x1580 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 15:17:56.0368 0x1580 gpsvc - ok 15:17:56.0417 0x1580 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:17:56.0420 0x1580 gupdate - ok 15:17:56.0424 0x1580 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:17:56.0426 0x1580 gupdatem - ok 15:17:56.0456 0x1580 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 15:17:56.0458 0x1580 hamachi - ok 15:17:56.0479 0x1580 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:17:56.0480 0x1580 hcw85cir - ok 15:17:56.0526 0x1580 [ 975761C778E33CD22498059B91E7373A, 
8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:17:56.0535 0x1580 HdAudAddService - ok 15:17:56.0556 0x1580 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:17:56.0559 0x1580 HDAudBus - ok 15:17:56.0571 0x1580 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 15:17:56.0573 0x1580 HidBatt - ok 15:17:56.0588 0x1580 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:17:56.0590 0x1580 HidBth - ok 15:17:56.0605 0x1580 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 15:17:56.0607 0x1580 HidIr - ok 15:17:56.0634 0x1580 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 15:17:56.0636 0x1580 hidserv - ok 15:17:56.0671 0x1580 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:17:56.0673 0x1580 HidUsb - ok 15:17:56.0682 0x1580 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:17:56.0686 0x1580 hkmsvc - ok 15:17:56.0701 0x1580 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:17:56.0708 0x1580 HomeGroupListener - ok 15:17:56.0721 0x1580 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:17:56.0727 0x1580 
HomeGroupProvider - ok 15:17:56.0744 0x1580 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:17:56.0746 0x1580 HpSAMD - ok 15:17:56.0787 0x1580 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:17:56.0814 0x1580 HTTP - ok 15:17:56.0827 0x1580 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:17:56.0828 0x1580 hwpolicy - ok 15:17:56.0857 0x1580 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:17:56.0860 0x1580 i8042prt - ok 15:17:56.0887 0x1580 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:17:56.0896 0x1580 iaStorV - ok 15:17:56.0953 0x1580 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:17:56.0979 0x1580 idsvc - ok 15:17:57.0006 0x1580 IEEtwCollectorService - ok 15:17:57.0021 0x1580 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:17:57.0023 0x1580 iirsp - ok 15:17:57.0062 0x1580 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 15:17:57.0088 0x1580 IKEEXT - ok 15:17:57.0239 0x1580 [ 6BDCC85422817FA53CD705ADE312CE6A, 2EBEDF34493B4AE34442A89ACBCDB2C39447F21FBB015BDD7935DE95DD217CD0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 15:17:57.0363 0x1580 IntcAzAudAddService - ok 15:17:57.0390 0x1580 [ 
F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 15:17:57.0391 0x1580 intelide - ok 15:17:57.0416 0x1580 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys 15:17:57.0418 0x1580 intelppm - ok 15:17:57.0436 0x1580 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:17:57.0440 0x1580 IPBusEnum - ok 15:17:57.0458 0x1580 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:17:57.0460 0x1580 IpFilterDriver - ok 15:17:57.0495 0x1580 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:17:57.0511 0x1580 iphlpsvc - ok 15:17:57.0527 0x1580 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:17:57.0530 0x1580 IPMIDRV - ok 15:17:57.0545 0x1580 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:17:57.0548 0x1580 IPNAT - ok 15:17:57.0567 0x1580 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:17:57.0568 0x1580 IRENUM - ok 15:17:57.0578 0x1580 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:17:57.0579 0x1580 isapnp - ok 15:17:57.0604 0x1580 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt 
C:\Windows\system32\drivers\msiscsi.sys 15:17:57.0610 0x1580 iScsiPrt - ok 15:17:57.0628 0x1580 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:17:57.0630 0x1580 kbdclass - ok 15:17:57.0654 0x1580 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:17:57.0656 0x1580 kbdhid - ok 15:17:57.0674 0x1580 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe 15:17:57.0677 0x1580 KeyIso - ok 15:17:57.0700 0x1580 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:17:57.0703 0x1580 KSecDD - ok 15:17:57.0724 0x1580 [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:17:57.0728 0x1580 KSecPkg - ok 15:17:57.0732 0x1580 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:17:57.0733 0x1580 ksthunk - ok 15:17:57.0767 0x1580 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 15:17:57.0777 0x1580 KtmRm - ok 15:17:57.0803 0x1580 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:17:57.0811 0x1580 LanmanServer - ok 15:17:57.0822 0x1580 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:17:57.0827 0x1580 LanmanWorkstation - ok 15:17:57.0854 0x1580 [ 1538831CF8AD2979A04C423779465827, 
E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:17:57.0856 0x1580 lltdio - ok 15:17:57.0893 0x1580 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:17:57.0901 0x1580 lltdsvc - ok 15:17:57.0915 0x1580 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:17:57.0918 0x1580 lmhosts - ok 15:17:57.0962 0x1580 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:17:57.0966 0x1580 LSI_FC - ok 15:17:57.0985 0x1580 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:17:57.0988 0x1580 LSI_SAS - ok 15:17:57.0999 0x1580 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 15:17:58.0001 0x1580 LSI_SAS2 - ok 15:17:58.0006 0x1580 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:17:58.0010 0x1580 LSI_SCSI - ok 15:17:58.0025 0x1580 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 15:17:58.0028 0x1580 luafv - ok 15:17:58.0179 0x1580 [ FF3A488924B0032B1A9CA6948C1FA9E8, 6F05852B75498210926F5CDF49D2A6DD97C39CD93D32E3200D7240AADA3E7BEE ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 15:17:58.0307 0x1580 LVUVC64 - ok 15:17:58.0350 0x1580 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:17:58.0354 0x1580 Mcx2Svc - ok 15:17:58.0367 0x1580 [ 
A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 15:17:58.0369 0x1580 megasas - ok 15:17:58.0378 0x1580 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 15:17:58.0384 0x1580 MegaSR - ok 15:17:58.0408 0x1580 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 15:17:58.0411 0x1580 MMCSS - ok 15:17:58.0421 0x1580 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 15:17:58.0423 0x1580 Modem - ok 15:17:58.0440 0x1580 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:17:58.0442 0x1580 monitor - ok 15:17:58.0462 0x1580 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:17:58.0464 0x1580 mouclass - ok 15:17:58.0482 0x1580 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:17:58.0484 0x1580 mouhid - ok 15:17:58.0512 0x1580 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:17:58.0515 0x1580 mountmgr - ok 15:17:58.0533 0x1580 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 15:17:58.0537 0x1580 mpio - ok 15:17:58.0562 0x1580 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:17:58.0565 0x1580 mpsdrv 
- ok 15:17:58.0607 0x1580 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:17:58.0632 0x1580 MpsSvc - ok 15:17:58.0698 0x1580 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:17:58.0737 0x1580 MRxDAV - ok 15:17:58.0771 0x1580 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:17:58.0776 0x1580 mrxsmb - ok 15:17:58.0796 0x1580 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:17:58.0803 0x1580 mrxsmb10 - ok 15:17:58.0812 0x1580 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:17:58.0816 0x1580 mrxsmb20 - ok 15:17:58.0824 0x1580 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 15:17:58.0825 0x1580 msahci - ok 15:17:58.0854 0x1580 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:17:58.0857 0x1580 msdsm - ok 15:17:58.0871 0x1580 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 15:17:58.0876 0x1580 MSDTC - ok 15:17:58.0903 0x1580 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:17:58.0904 0x1580 Msfs - ok 15:17:58.0917 0x1580 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 
15:17:58.0918 0x1580 mshidkmdf - ok 15:17:58.0942 0x1580 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:17:58.0943 0x1580 msisadrv - ok 15:17:58.0984 0x1580 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:17:58.0989 0x1580 MSiSCSI - ok 15:17:58.0992 0x1580 msiserver - ok 15:17:59.0013 0x1580 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:17:59.0014 0x1580 MSKSSRV - ok 15:17:59.0039 0x1580 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:17:59.0040 0x1580 MSPCLOCK - ok 15:17:59.0043 0x1580 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:17:59.0044 0x1580 MSPQM - ok 15:17:59.0080 0x1580 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:17:59.0088 0x1580 MsRPC - ok 15:17:59.0096 0x1580 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:17:59.0098 0x1580 mssmbios - ok 15:17:59.0113 0x1580 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:17:59.0115 0x1580 MSTEE - ok 15:17:59.0128 0x1580 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 15:17:59.0130 0x1580 MTConfig - ok 15:17:59.0144 0x1580 [ F9A18612FD3526FE473C1BDA678D61C8, 
32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 15:17:59.0147 0x1580 Mup - ok 15:17:59.0182 0x1580 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 15:17:59.0199 0x1580 napagent - ok 15:17:59.0231 0x1580 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:17:59.0239 0x1580 NativeWifiP - ok 15:17:59.0310 0x1580 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 15:17:59.0335 0x1580 NDIS - ok 15:17:59.0353 0x1580 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:17:59.0354 0x1580 NdisCap - ok 15:17:59.0383 0x1580 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:17:59.0384 0x1580 NdisTapi - ok 15:17:59.0411 0x1580 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:17:59.0413 0x1580 Ndisuio - ok 15:17:59.0427 0x1580 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:17:59.0431 0x1580 NdisWan - ok 15:17:59.0437 0x1580 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:17:59.0439 0x1580 NDProxy - ok 15:17:59.0450 0x1580 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:17:59.0451 0x1580 NetBIOS - ok 15:17:59.0464 
0x1580 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:17:59.0470 0x1580 NetBT - ok 15:17:59.0483 0x1580 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe 15:17:59.0485 0x1580 Netlogon - ok 15:17:59.0519 0x1580 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 15:17:59.0529 0x1580 Netman - ok 15:17:59.0555 0x1580 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:17:59.0572 0x1580 NetMsmqActivator - ok 15:17:59.0578 0x1580 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:17:59.0581 0x1580 NetPipeActivator - ok 15:17:59.0606 0x1580 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 15:17:59.0620 0x1580 netprofm - ok 15:17:59.0627 0x1580 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:17:59.0630 0x1580 NetTcpActivator - ok 15:17:59.0635 0x1580 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:17:59.0638 0x1580 NetTcpPortSharing - ok 15:17:59.0658 0x1580 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:17:59.0660 0x1580 nfrd960 - ok 15:17:59.0679 0x1580 [ 
15:18:00.0488 0x1580 Scan was interrupted by user!
15:18:00.0488 0x1580 Waiting for KSN requests completion. In queue: 197
15:18:01.0488 0x1580 Waiting for KSN requests completion. In queue: 197
15:18:02.0509 0x1580 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2214.845 ), 0x41000 ( enabled : updated )
15:18:02.0511 0x1580 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2214.845 ), 0x41010 ( enabled )
15:18:03.0649 0x1580 ============================================================
15:18:03.0649 0x1580 Scan finished
15:18:03.0649 0x1580 ============================================================
15:18:03.0654 0x1b78 Detected object count: 0
15:18:03.0654 0x1b78 Actual detected object count: 0
15:18:22.0445 0x1b98 ============================================================
15:18:22.0445 0x1b98 Scan started
15:18:22.0445 0x1b98 Mode: Manual; SigCheck; TDLFS;
15:18:22.0445 0x1b98 ============================================================
15:18:22.0445 0x1b98 KSN ping started
15:18:23.0549 0x1b98 KSN ping finished: true
15:18:23.0897 0x1b98 ================ Scan system memory ========================
15:18:23.0897 0x1b98 System memory - ok
15:18:23.0898 0x1b98 ================ Scan services =============================
AmdPPM - ok 15:18:24.0952 0x1b98 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:18:24.0963 0x1b98 amdsata - ok 15:18:24.0994 0x1b98 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 15:18:25.0008 0x1b98 amdsbs - ok 15:18:25.0024 0x1b98 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:18:25.0034 0x1b98 amdxata - ok 15:18:25.0065 0x1b98 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys 15:18:25.0186 0x1b98 AppID - ok 15:18:25.0211 0x1b98 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:18:25.0249 0x1b98 AppIDSvc - ok 15:18:25.0282 0x1b98 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 15:18:25.0320 0x1b98 Appinfo - ok 15:18:25.0336 0x1b98 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 15:18:25.0347 0x1b98 arc - ok 15:18:25.0378 0x1b98 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:18:25.0390 0x1b98 arcsas - ok 15:18:25.0504 0x1b98 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 15:18:25.0516 0x1b98 aspnet_state - ok 15:18:25.0538 0x1b98 [ BA4B999D245287608A79C92CDAE6F3C1, 799CC0FB185FDF3438687184944E6F6AB6EE73B3B542542D3C13C0FF1A8C0276 ] aswHwid 
C:\Windows\system32\drivers\aswHwid.sys 15:18:25.0552 0x1b98 aswHwid - ok 15:18:25.0570 0x1b98 [ 543D8AD4621A685CECBBE44BD5B71FAE, 5E8A20B4848F2AEB7BE56BA8966B961FD135433A87EC36ACAB3B63646A1DDCA8 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys 15:18:25.0580 0x1b98 aswKbd - ok 15:18:25.0592 0x1b98 [ 245D3A0670491E1F88759EC45C9F7314, 1FFBDDDC6FCD29770B439933EEB8BE1ABA9149193932B2481720E8E9F265A797 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 15:18:25.0602 0x1b98 aswMonFlt - ok 15:18:25.0631 0x1b98 [ 95AAB2D70A5B8F4BDB1FF131CD726232, 8C7267BAE92FB2F31BCA7818BAC43F7E542F0E8A7405422B730DF2805CCD7FB4 ] aswNdisFlt C:\Windows\system32\DRIVERS\aswNdisFlt.sys 15:18:25.0649 0x1b98 aswNdisFlt - ok 15:18:25.0668 0x1b98 [ BC18D5B42B19564BA09156410E1FB9BE, 0DA9636632462208AE4D360BFE5A8187644B036A0D43E981665D888A5363B953 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys 15:18:25.0679 0x1b98 aswRdr - ok 15:18:25.0694 0x1b98 [ 713AFFD4E38553AEF04617C985B4030B, A09FBE4D49390024E8CF93352EACEB5AC53BEE5A4E5A76F5BE0341F8A002C4DD ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 15:18:25.0704 0x1b98 aswRvrt - ok 15:18:25.0742 0x1b98 [ 669F6B37965756E407B447272B5EE39F, FE2C0A8F96415191650485AED637A45B26E7B9A25A4BFB5D809844BD24FD6BA9 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 15:18:25.0772 0x1b98 aswSnx - ok 15:18:25.0799 0x1b98 [ 3A145C94A519E52FE7E99460DD0DF53C, 91E9544B1B72FCC32463BF34838DAA9F14DCABF3BE9FE9382087ACDB3B4FC598 ] aswSP C:\Windows\system32\drivers\aswSP.sys 15:18:25.0817 0x1b98 aswSP - ok 15:18:25.0829 0x1b98 [ 8CDA894FA86D03FB43063D5FD85EFCAE, 20D110ACC84300514557AB6E565CFA0101DA749559B52877A41A509E79314AF6 ] aswStm C:\Windows\system32\drivers\aswStm.sys 15:18:25.0840 0x1b98 aswStm - ok 15:18:25.0864 0x1b98 [ 11644D8399F4AC8BB12C2364DCB87CB4, 828C3A03AB9D5F0650C7B90B7479CCAAD586B22BB7AC6DB7C91E8D9D80427DFB ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 15:18:25.0878 0x1b98 aswVmm - ok 15:18:25.0904 0x1b98 [ 769765CE2CC62867468CEA93969B2242, 
0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:18:25.0946 0x1b98 AsyncMac - ok 15:18:25.0971 0x1b98 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 15:18:25.0981 0x1b98 atapi - ok 15:18:26.0018 0x1b98 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:18:26.0087 0x1b98 AudioEndpointBuilder - ok 15:18:26.0118 0x1b98 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:18:26.0145 0x1b98 AudioSrv - ok 15:18:26.0227 0x1b98 [ 35714DC1ADD995681D890D4382C75721, C1D10F2D47D348DCEA363B676E35A363FE8FA0E24295C4AD90F7EA37826A822D ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 15:18:26.0243 0x1b98 avast! Antivirus - ok 15:18:26.0265 0x1b98 [ 9BCCEF665F197A5BBE86C679EFF608D0, 16D818E6642DD23B5915311C909E1131AA27592254ED8A6EAC59674AC80A01A0 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe 15:18:26.0276 0x1b98 avast! 
Firewall - ok 15:18:26.0427 0x1b98 [ 986B03BCC7679B181EC540249956B080, 35FD1229DD016B0837A2879E685A830034DD36D5F52ECBAFA358299DCB126989 ] AvastVBoxSvc C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe 15:18:26.0522 0x1b98 AvastVBoxSvc - ok 15:18:26.0561 0x1b98 [ 6F77BBB8FC69D26132309EB4CE7A4E0E, 39E1E20F7CE6B2A784765BB1BE3AC539EDD2889880F78D14C340129E9DB7A43E ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe 15:18:26.0587 0x1b98 Avira.OE.ServiceHost - ok 15:18:26.0615 0x1b98 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:18:26.0665 0x1b98 AxInstSV - ok 15:18:26.0696 0x1b98 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 15:18:26.0731 0x1b98 b06bdrv - ok 15:18:26.0757 0x1b98 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 15:18:26.0789 0x1b98 b57nd60a - ok 15:18:26.0815 0x1b98 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 15:18:26.0850 0x1b98 BDESVC - ok 15:18:26.0859 0x1b98 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 15:18:26.0899 0x1b98 Beep - ok 15:18:26.0932 0x1b98 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 15:18:26.0992 0x1b98 BFE - ok 15:18:27.0032 0x1b98 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 15:18:27.0102 0x1b98 BITS - ok 15:18:27.0114 0x1b98 [ 61583EE3C3A17003C4ACD0475646B4D3, 
17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 15:18:27.0139 0x1b98 blbdrive - ok 15:18:27.0166 0x1b98 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:18:27.0223 0x1b98 bowser - ok 15:18:27.0241 0x1b98 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 15:18:27.0267 0x1b98 BrFiltLo - ok 15:18:27.0284 0x1b98 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 15:18:27.0299 0x1b98 BrFiltUp - ok 15:18:27.0327 0x1b98 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 15:18:27.0355 0x1b98 Browser - ok 15:18:27.0375 0x1b98 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:18:27.0420 0x1b98 Brserid - ok 15:18:27.0438 0x1b98 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:18:27.0460 0x1b98 BrSerWdm - ok 15:18:27.0486 0x1b98 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:18:27.0510 0x1b98 BrUsbMdm - ok 15:18:27.0523 0x1b98 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:18:27.0546 0x1b98 BrUsbSer - ok 15:18:27.0564 0x1b98 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:18:27.0589 0x1b98 
BTHMODEM - ok 15:18:27.0614 0x1b98 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 15:18:27.0644 0x1b98 bthserv - ok 15:18:27.0729 0x1b98 [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe 15:18:27.0767 0x1b98 c2cautoupdatesvc - ok 15:18:27.0818 0x1b98 [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe 15:18:27.0864 0x1b98 c2cpnrsvc - ok 15:18:27.0902 0x1b98 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:18:27.0954 0x1b98 cdfs - ok 15:18:27.0978 0x1b98 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:18:27.0993 0x1b98 cdrom - ok 15:18:28.0017 0x1b98 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 15:18:28.0056 0x1b98 CertPropSvc - ok 15:18:28.0070 0x1b98 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 15:18:28.0091 0x1b98 circlass - ok 15:18:28.0124 0x1b98 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 15:18:28.0141 0x1b98 CLFS - ok 15:18:28.0205 0x1b98 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:18:28.0216 0x1b98 clr_optimization_v2.0.50727_32 - ok 15:18:28.0267 0x1b98 
[ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:18:28.0278 0x1b98 clr_optimization_v2.0.50727_64 - ok 15:18:28.0313 0x1b98 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:18:28.0326 0x1b98 clr_optimization_v4.0.30319_32 - ok 15:18:28.0347 0x1b98 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:18:28.0360 0x1b98 clr_optimization_v4.0.30319_64 - ok 15:18:28.0382 0x1b98 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 15:18:28.0407 0x1b98 CmBatt - ok 15:18:28.0430 0x1b98 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:18:28.0440 0x1b98 cmdide - ok 15:18:28.0473 0x1b98 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys 15:18:28.0512 0x1b98 CNG - ok 15:18:28.0525 0x1b98 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 15:18:28.0535 0x1b98 Compbatt - ok 15:18:28.0565 0x1b98 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 15:18:28.0589 0x1b98 CompositeBus - ok 15:18:28.0592 0x1b98 COMSysApp - ok 15:18:28.0618 0x1b98 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk 
C:\Windows\system32\drivers\crcdisk.sys 15:18:28.0629 0x1b98 crcdisk - ok 15:18:28.0654 0x1b98 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:18:28.0695 0x1b98 CryptSvc - ok 15:18:28.0768 0x1b98 [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 15:18:28.0793 0x1b98 cvhsvc - ok 15:18:28.0823 0x1b98 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:18:28.0877 0x1b98 DcomLaunch - ok 15:18:28.0905 0x1b98 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 15:18:28.0954 0x1b98 defragsvc - ok 15:18:28.0969 0x1b98 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:18:29.0004 0x1b98 DfsC - ok 15:18:29.0035 0x1b98 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 15:18:29.0075 0x1b98 Dhcp - ok 15:18:29.0086 0x1b98 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 15:18:29.0124 0x1b98 discache - ok |
03.04.2015, 01:42 | #6 |
| Windows 7: Websites are redirected to Russian advertising. Code:
ok 15:18:34.0856 0x1b98 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:18:34.0892 0x1b98 mrxsmb - ok 15:18:34.0913 0x1b98 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:18:34.0931 0x1b98 mrxsmb10 - ok 15:18:34.0955 0x1b98 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:18:34.0970 0x1b98 mrxsmb20 - ok 15:18:34.0975 0x1b98 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 15:18:34.0985 0x1b98 msahci - ok 15:18:35.0013 0x1b98 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:18:35.0025 0x1b98 msdsm - ok 15:18:35.0048 0x1b98 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 15:18:35.0070 0x1b98 MSDTC - ok 15:18:35.0088 0x1b98 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:18:35.0127 0x1b98 Msfs - ok 15:18:35.0143 0x1b98 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:18:35.0176 0x1b98 mshidkmdf - ok 15:18:35.0202 0x1b98 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:18:35.0211 0x1b98 msisadrv - ok 15:18:35.0235 0x1b98 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI 
C:\Windows\system32\iscsiexe.dll 15:18:35.0277 0x1b98 MSiSCSI - ok 15:18:35.0280 0x1b98 msiserver - ok 15:18:35.0297 0x1b98 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:18:35.0343 0x1b98 MSKSSRV - ok 15:18:35.0365 0x1b98 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:18:35.0400 0x1b98 MSPCLOCK - ok 15:18:35.0403 0x1b98 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:18:35.0450 0x1b98 MSPQM - ok 15:18:35.0482 0x1b98 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:18:35.0498 0x1b98 MsRPC - ok 15:18:35.0522 0x1b98 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:18:35.0533 0x1b98 mssmbios - ok 15:18:35.0548 0x1b98 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:18:35.0588 0x1b98 MSTEE - ok 15:18:35.0604 0x1b98 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 15:18:35.0625 0x1b98 MTConfig - ok 15:18:35.0637 0x1b98 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 15:18:35.0648 0x1b98 Mup - ok 15:18:35.0682 0x1b98 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 15:18:35.0731 0x1b98 napagent - ok 15:18:35.0765 0x1b98 [ 1EA3749C4114DB3E3161156FFFFA6B33, 
54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:18:35.0801 0x1b98 NativeWifiP - ok 15:18:35.0844 0x1b98 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 15:18:35.0873 0x1b98 NDIS - ok 15:18:35.0887 0x1b98 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:18:35.0916 0x1b98 NdisCap - ok 15:18:35.0942 0x1b98 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:18:35.0970 0x1b98 NdisTapi - ok 15:18:35.0996 0x1b98 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:18:36.0031 0x1b98 Ndisuio - ok 15:18:36.0053 0x1b98 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:18:36.0095 0x1b98 NdisWan - ok 15:18:36.0105 0x1b98 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:18:36.0134 0x1b98 NDProxy - ok 15:18:36.0151 0x1b98 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:18:36.0190 0x1b98 NetBIOS - ok 15:18:36.0207 0x1b98 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:18:36.0240 0x1b98 NetBT - ok 15:18:36.0251 0x1b98 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe 15:18:36.0264 0x1b98 Netlogon - ok 
15:18:36.0295 0x1b98 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 15:18:36.0345 0x1b98 Netman - ok 15:18:36.0373 0x1b98 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:18:36.0387 0x1b98 NetMsmqActivator - ok 15:18:36.0398 0x1b98 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:18:36.0412 0x1b98 NetPipeActivator - ok 15:18:36.0440 0x1b98 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 15:18:36.0492 0x1b98 netprofm - ok 15:18:36.0498 0x1b98 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:18:36.0512 0x1b98 NetTcpActivator - ok 15:18:36.0518 0x1b98 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:18:36.0532 0x1b98 NetTcpPortSharing - ok 15:18:36.0550 0x1b98 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:18:36.0561 0x1b98 nfrd960 - ok 15:18:36.0589 0x1b98 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:18:36.0616 0x1b98 NlaSvc - ok 15:18:36.0644 0x1b98 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:18:36.0673 0x1b98 Npfs - ok 15:18:36.0691 0x1b98 
[ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 15:18:36.0722 0x1b98 nsi - ok 15:18:36.0758 0x1b98 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:18:36.0798 0x1b98 nsiproxy - ok 15:18:36.0864 0x1b98 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:18:36.0907 0x1b98 Ntfs - ok 15:18:36.0925 0x1b98 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 15:18:36.0966 0x1b98 Null - ok 15:18:36.0997 0x1b98 [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 15:18:37.0009 0x1b98 NVHDA - ok 15:18:37.0274 0x1b98 [ ECC732D5185408FCC323E56D30170848, 7A7A6C410B65DBB1D59653598D7E5414054588BB88505BE68BFFF0378FD555F3 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:18:37.0500 0x1b98 nvlddmkm - ok 15:18:37.0612 0x1b98 [ F758A5752CA282925CE3324FDBBADBED, E9DE21AE4509BC401FE7BD717E1585BDEAF2E016A4DC8BB829DD43F54101923F ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 15:18:37.0658 0x1b98 NvNetworkService - ok 15:18:37.0676 0x1b98 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:18:37.0688 0x1b98 nvraid - ok 15:18:37.0719 0x1b98 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:18:37.0733 0x1b98 nvstor - ok 15:18:37.0783 0x1b98 [ 0772513BF441995A61A6C6F87BE12174, 308203FACAAFC87AA18765F0F358ADF5F99D0CAA9ADE51C14C43416FAB68FA18 ] NvStreamKms C:\Program 
Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 15:18:37.0792 0x1b98 NvStreamKms - ok 15:18:37.0796 0x1b98 NvStreamSvc - ok 15:18:37.0835 0x1b98 [ 2AF7D8BCD8912FC16AA15268CDCF2454, 3A2E5ADFC6213A6EA83F78026518EC7EE0DD4BBA7C210CB7A41007BB57DC0636 ] nvsvc C:\Windows\system32\nvvsvc.exe 15:18:37.0864 0x1b98 nvsvc - ok 15:18:37.0885 0x1b98 [ DBFE7B2DF103F74AE51840B3C5F25FE9, 436CAA417FD24BA870F117FA4BABA2AB694825795508BCFCC8C927CC2D5BBC5E ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys 15:18:37.0895 0x1b98 nvvad_WaveExtensible - ok 15:18:37.0926 0x1b98 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:18:37.0939 0x1b98 nv_agp - ok 15:18:37.0972 0x1b98 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:18:37.0997 0x1b98 ohci1394 - ok 15:18:38.0092 0x1b98 [ EF8DA126239D08B7B4734256417AE702, 4BBA0577C20E851F5B30D0D0F19382AB32AF57EFF7AA5B394E0FF6358A7AB287 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe 15:18:38.0180 0x1b98 Origin Client Service - ok 15:18:38.0213 0x1b98 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:18:38.0226 0x1b98 ose - ok 15:18:38.0396 0x1b98 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:18:38.0558 0x1b98 osppsvc - ok 15:18:38.0597 0x1b98 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:18:38.0644 0x1b98 p2pimsvc - ok 15:18:38.0668 0x1b98 [ 927463ECB02179F88E4B9A17568C63C3, 
FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 15:18:38.0697 0x1b98 p2psvc - ok 15:18:38.0733 0x1b98 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:18:38.0769 0x1b98 Parport - ok 15:18:38.0793 0x1b98 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:18:38.0805 0x1b98 partmgr - ok 15:18:38.0828 0x1b98 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 15:18:38.0858 0x1b98 PcaSvc - ok 15:18:38.0882 0x1b98 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 15:18:38.0896 0x1b98 pci - ok 15:18:38.0927 0x1b98 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 15:18:38.0937 0x1b98 pciide - ok 15:18:38.0960 0x1b98 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:18:38.0975 0x1b98 pcmcia - ok 15:18:38.0994 0x1b98 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 15:18:39.0005 0x1b98 pcw - ok 15:18:39.0042 0x1b98 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:18:39.0116 0x1b98 PEAUTH - ok 15:18:39.0171 0x1b98 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:18:39.0196 0x1b98 PerfHost - ok 15:18:39.0253 0x1b98 [ C7CF6A6E137463219E1259E3F0F0DD6C, 
08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 15:18:39.0351 0x1b98 pla - ok 15:18:39.0389 0x1b98 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:18:39.0430 0x1b98 PlugPlay - ok 15:18:39.0449 0x1b98 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:18:39.0471 0x1b98 PNRPAutoReg - ok 15:18:39.0489 0x1b98 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:18:39.0508 0x1b98 PNRPsvc - ok 15:18:39.0550 0x1b98 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:18:39.0607 0x1b98 PolicyAgent - ok 15:18:39.0645 0x1b98 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 15:18:39.0694 0x1b98 Power - ok 15:18:39.0757 0x1b98 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:18:39.0798 0x1b98 PptpMiniport - ok 15:18:39.0814 0x1b98 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys 15:18:39.0838 0x1b98 Processor - ok 15:18:39.0872 0x1b98 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll 15:18:39.0913 0x1b98 ProfSvc - ok 15:18:39.0925 0x1b98 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:18:39.0939 0x1b98 ProtectedStorage - ok 15:18:39.0977 0x1b98 [ 
0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:18:40.0018 0x1b98 Psched - ok 15:18:40.0077 0x1b98 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:18:40.0142 0x1b98 ql2300 - ok 15:18:40.0169 0x1b98 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:18:40.0181 0x1b98 ql40xx - ok 15:18:40.0204 0x1b98 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 15:18:40.0229 0x1b98 QWAVE - ok 15:18:40.0248 0x1b98 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:18:40.0273 0x1b98 QWAVEdrv - ok 15:18:40.0288 0x1b98 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:18:40.0317 0x1b98 RasAcd - ok 15:18:40.0361 0x1b98 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:18:40.0390 0x1b98 RasAgileVpn - ok 15:18:40.0403 0x1b98 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 15:18:40.0446 0x1b98 RasAuto - ok 15:18:40.0472 0x1b98 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:18:40.0515 0x1b98 Rasl2tp - ok 15:18:40.0542 0x1b98 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 15:18:40.0580 0x1b98 RasMan 
- ok 15:18:40.0597 0x1b98 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:18:40.0634 0x1b98 RasPppoe - ok 15:18:40.0662 0x1b98 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:18:40.0703 0x1b98 RasSstp - ok 15:18:40.0719 0x1b98 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:18:40.0765 0x1b98 rdbss - ok 15:18:40.0782 0x1b98 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 15:18:40.0797 0x1b98 rdpbus - ok 15:18:40.0809 0x1b98 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:18:40.0837 0x1b98 RDPCDD - ok 15:18:40.0868 0x1b98 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:18:40.0906 0x1b98 RDPENCDD - ok 15:18:40.0917 0x1b98 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:18:40.0946 0x1b98 RDPREFMP - ok 15:18:40.0981 0x1b98 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:18:41.0016 0x1b98 RDPWD - ok 15:18:41.0056 0x1b98 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:18:41.0071 0x1b98 rdyboost - ok 15:18:41.0105 0x1b98 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess 
C:\Windows\System32\mprdim.dll 15:18:41.0155 0x1b98 RemoteAccess - ok 15:18:41.0182 0x1b98 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:18:41.0226 0x1b98 RemoteRegistry - ok 15:18:41.0245 0x1b98 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:18:41.0282 0x1b98 RpcEptMapper - ok 15:18:41.0308 0x1b98 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 15:18:41.0329 0x1b98 RpcLocator - ok 15:18:41.0356 0x1b98 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 15:18:41.0396 0x1b98 RpcSs - ok 15:18:41.0429 0x1b98 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:18:41.0459 0x1b98 rspndr - ok 15:18:41.0523 0x1b98 [ 7F4F11527AF5A7E4526CB6A146B3E40C, 705177014374AB2F12AF4558344C35C206C2820BD1A16770173EA10D094D182B ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 15:18:41.0558 0x1b98 RTL8167 - ok 15:18:41.0575 0x1b98 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe 15:18:41.0589 0x1b98 SamSs - ok 15:18:41.0621 0x1b98 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:18:41.0633 0x1b98 sbp2port - ok 15:18:41.0657 0x1b98 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:18:41.0692 0x1b98 SCardSvr - ok 15:18:41.0707 0x1b98 [ 253F38D0D7074C02FF8DEB9836C97D2B, 
CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:18:41.0744 0x1b98 scfilter - ok 15:18:41.0789 0x1b98 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 15:18:41.0865 0x1b98 Schedule - ok 15:18:41.0893 0x1b98 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 15:18:41.0921 0x1b98 SCPolicySvc - ok 15:18:41.0975 0x1b98 [ CDDE0B41D4C739B8C85E81C39A595A1A, EFD12069289D16E1BF667D305653C8689FB20FA340F9B1CDEB46C2D52CFF15B5 ] scramby C:\Windows\system32\drivers\scramby.sys 15:18:41.0984 0x1b98 scramby - ok 15:18:42.0005 0x1b98 [ 3C9A97573D3B8A8450F92636D9846A74, 8F25AD3D65F0D7A81053B88C1BC4626D63E26AC09AC4A65F5E428C9F87EA6031 ] scramby_out C:\Windows\system32\drivers\scramby_out.sys 15:18:42.0015 0x1b98 scramby_out - ok 15:18:42.0126 0x1b98 [ 8B56BDCE6A303DDE63D63440D1CF9AD1, 66A4356C29D00A1B8A95975C073AE4E6D2A90CBF3B143FE9B83B96BEC0805D46 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys 15:18:42.0162 0x1b98 ScreamBAudioSvc - ok 15:18:42.0180 0x1b98 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:18:42.0211 0x1b98 SDRSVC - ok 15:18:42.0242 0x1b98 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:18:42.0285 0x1b98 secdrv - ok 15:18:42.0305 0x1b98 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 15:18:42.0335 0x1b98 seclogon - ok 15:18:42.0365 0x1b98 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 15:18:42.0404 0x1b98 SENS 
- ok 15:18:42.0423 0x1b98 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:18:42.0451 0x1b98 SensrSvc - ok 15:18:42.0465 0x1b98 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys 15:18:42.0489 0x1b98 Serenum - ok 15:18:42.0528 0x1b98 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys 15:18:42.0550 0x1b98 Serial - ok 15:18:42.0565 0x1b98 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:18:42.0590 0x1b98 sermouse - ok 15:18:42.0624 0x1b98 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 15:18:42.0666 0x1b98 SessionEnv - ok 15:18:42.0682 0x1b98 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:18:42.0697 0x1b98 sffdisk - ok 15:18:42.0701 0x1b98 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:18:42.0716 0x1b98 sffp_mmc - ok 15:18:42.0741 0x1b98 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:18:42.0770 0x1b98 sffp_sd - ok 15:18:42.0781 0x1b98 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:18:42.0806 0x1b98 sfloppy - ok 15:18:42.0851 0x1b98 [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs 
15:18:54.0965 0x1b98 AV detected via SS2: avast!
Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2214.845 ), 0x41000 ( enabled : updated )
15:18:54.0966 0x1b98 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2214.845 ), 0x41010 ( enabled )
15:18:56.0103 0x1b98 ============================================================
15:18:56.0103 0x1b98 Scan finished
15:18:56.0103 0x1b98 ============================================================
15:18:56.0108 0x0ba0 Detected object count: 0
15:18:56.0108 0x0ba0 Actual detected object count: 0
15:49:52.0504 0x1848 Deinitialize success |
03.04.2015, 13:45 | #7 |
/// the machine /// TB Trainer | Windows 7: Websites are redirected to Russian advertising. hi, scan with ComboFix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
03.04.2015, 17:28 | #8 |
| Windows 7: Websites are redirected to Russian advertising. Code:
ATTFilter ComboFix 15-04-01.01 - Agando 03.04.2015 17:57:56.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4078.2492 [GMT 2:00] ausgeführt von:: c:\users\Agando\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2015-03-03 bis 2015-04-03 )))))))))))))))))))))))))))))) . . 2015-04-03 16:25 . 2015-04-03 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-04-01 19:51 . 2015-04-01 19:51 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A00B05D8-2ED1-4943-8BEB-27892F096B45}\offreg.dll 2015-04-01 12:49 . 2015-04-01 13:05 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-04-01 12:49 . 2015-04-01 12:54 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-04-01 12:49 . 2015-04-01 12:53 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-04-01 10:53 . 2015-04-01 10:55 -------- d-----w- C:\FRST 2015-04-01 03:07 . 2015-03-23 01:32 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A00B05D8-2ED1-4943-8BEB-27892F096B45}\mpengine.dll 2015-03-30 16:30 . 2015-04-02 21:39 -------- d-----w- C:\Diablo II 2015-03-30 16:03 . 2015-03-30 16:17 -------- d-----w- c:\users\Agando\D2LOD-1.12A-deDE 2015-03-30 16:01 . 2015-03-30 16:20 -------- d-----w- c:\users\Agando\D2-1.12A-enGB 2015-03-25 14:50 . 2015-03-25 14:50 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-03-25 08:42 . 2015-03-25 08:42 -------- d-----w- c:\users\Agando\AppData\Local\Avg2014 2015-03-24 06:41 . 2015-03-24 06:41 -------- d-----w- c:\users\Agando\AppData\Roaming\TuneUp Software 2015-03-24 06:41 . 
2015-03-24 06:41 -------- d-----w- c:\users\Agando\AppData\Local\TuneUp Software 2015-03-24 06:38 . 2015-03-24 06:38 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-03-24 06:38 . 2015-03-24 09:05 -------- d-----w- c:\programdata\TuneUp Software 2015-03-24 06:38 . 2015-03-24 06:38 -------- d--h--w- c:\programdata\Common Files 2015-03-24 06:38 . 2015-03-24 06:38 -------- d-----w- c:\program files\Common Files\VST2 2015-03-24 06:38 . 2015-03-24 06:38 -------- d-----w- c:\program files\Common Files\Propellerhead Software 2015-03-24 06:38 . 2015-03-24 06:38 -------- d-----w- c:\program files (x86)\VstPlugins 2015-03-24 06:38 . 2015-03-24 06:38 -------- d-----w- c:\program files (x86)\Common Files\Propellerhead Software 2015-03-24 06:38 . 2015-03-24 06:38 -------- d-----w- c:\users\Agando\AppData\Roaming\OpenCandy 2015-03-24 06:38 . 2015-03-25 14:48 -------- d-----w- c:\program files\Image-Line 2015-03-24 06:37 . 2015-03-24 06:37 -------- d-----w- c:\program files (x86)\DSPRobotics 2015-03-24 06:31 . 2015-03-24 06:37 -------- d-----w- c:\program files (x86)\Image-Line 2015-03-23 14:06 . 2015-04-02 16:13 -------- d-----w- C:\Temp 2015-03-22 16:59 . 2015-03-22 16:59 -------- d-----w- c:\users\Agando\AppData\Roaming\AVAST Software 2015-03-22 16:54 . 2015-03-22 16:54 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys 2015-03-22 16:54 . 2015-03-22 16:54 268640 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-03-22 16:54 . 2015-03-22 16:54 441728 ----a-w- c:\windows\system32\drivers\aswSP.sys 2015-03-22 16:54 . 2015-03-22 16:54 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-03-22 16:54 . 2015-03-22 16:54 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-03-22 16:54 . 2015-03-22 16:54 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-03-22 16:54 . 2015-03-22 16:54 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2015-03-22 16:54 . 
2015-03-22 16:53 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-03-22 16:54 . 2015-03-22 16:53 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2015-03-22 16:54 . 2015-03-22 16:54 364472 ----a-w- c:\windows\system32\aswBoot.exe 2015-03-22 16:53 . 2015-03-22 16:53 43112 ----a-w- c:\windows\avastSS.scr 2015-03-22 16:53 . 2015-03-22 16:53 449896 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys 2015-03-22 16:52 . 2015-03-22 16:52 -------- d-----w- c:\program files\AVAST Software 2015-03-22 06:57 . 2015-03-22 06:57 -------- d-----w- c:\users\Agando\AppData\Local\Gameforge4d 2015-03-21 17:45 . 2015-04-01 12:50 -------- d-----w- c:\programdata\Malwarebytes 2015-03-21 09:38 . 2015-03-21 09:44 -------- d-----w- C:\AdwCleaner 2015-03-21 06:08 . 2015-03-25 15:03 -------- d-----w- c:\users\Agando\AppData\Local\FreeSystemUtilities 2015-03-20 16:17 . 2015-03-20 16:17 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2015-03-20 16:16 . 2015-03-13 15:38 622224 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2015-03-14 18:35 . 2015-03-14 20:00 -------- d-----w- c:\users\Agando\AppData\Local\PAYDAY 2 2015-03-11 08:48 . 2015-03-11 08:48 -------- d-----r- C:\MSOCache 2015-03-10 16:22 . 2015-03-10 16:22 0 ----a-w- c:\windows\SysWow64\sho4835.tmp . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-03-28 03:44 . 2014-10-20 11:10 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll 2015-03-28 03:44 . 2014-10-20 11:10 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll 2015-03-28 03:43 . 2014-10-20 11:10 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll 2015-03-28 03:43 . 2014-10-20 11:10 1570672 ----a-w- c:\windows\system32\nvspcap64.dll 2015-03-13 19:41 . 2015-01-01 13:12 24775368 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2015-03-13 19:41 . 2014-10-21 12:22 18580512 ----a-w- c:\windows\system32\nvwgf2umx.dll 2015-03-13 19:41 . 
2014-10-21 12:22 16022016 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2015-03-13 19:41 . 2014-10-21 12:22 2906928 ----a-w- c:\windows\SysWow64\nvapi.dll 2015-03-13 19:41 . 2014-10-20 11:09 73872 ----a-w- c:\windows\system32\OpenCL.dll 2015-03-13 19:41 . 2014-10-20 11:09 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll 2015-03-13 19:41 . 2014-10-20 11:08 3303448 ----a-w- c:\windows\system32\nvapi64.dll 2015-03-13 19:41 . 2014-10-20 11:08 14121624 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2015-03-13 16:16 . 2014-10-20 11:09 6861968 ----a-w- c:\windows\system32\nvcpl.dll 2015-03-13 16:16 . 2014-10-20 11:09 3526856 ----a-w- c:\windows\system32\nvsvc64.dll 2015-03-13 16:16 . 2014-10-20 11:09 935056 ----a-w- c:\windows\system32\nvvsvc.exe 2015-03-13 16:16 . 2014-10-20 11:09 62608 ----a-w- c:\windows\system32\nvshext.dll 2015-03-13 16:16 . 2014-10-20 11:09 386248 ----a-w- c:\windows\system32\nvmctray.dll 2015-03-13 16:16 . 2014-10-20 11:09 2559808 ----a-w- c:\windows\system32\nvsvcr.dll 2015-03-11 13:10 . 2014-10-20 11:09 4246327 ----a-w- c:\windows\system32\nvcoproc.bin 2015-02-24 03:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe 2015-02-09 16:00 . 2015-02-09 16:00 0 ----a-w- c:\windows\SysWow64\shoC9ED.tmp 2015-01-23 23:55 . 2015-01-23 23:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-22 5511352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x] R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys;c:\windows\SYSNATIVE\drivers\scramby_out.sys [x] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x] R3 wolfkr;wolfkr;c:\windows\system32\wolfk64.sys;c:\windows\SYSNATIVE\wolfk64.sys [x] S0 aswNdisFlt;Avast! 
Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x] S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x] S3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 
Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 VBAudioVACMME;VB-Audio Virtual Cable (WDM);c:\windows\system32\DRIVERS\vbaudio_cable64_win7.sys;c:\windows\SYSNATIVE\DRIVERS\vbaudio_cable64_win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 13677149 *NewlyCreated* - NVSTREAMKMS *Deregistered* - 13677149 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-04-03 15:21 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31 09:11] . 2015-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31 09:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-03-22 16:54 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-13 12936848] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://terra.im/ mDefault_Search_URL = about:blank mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = about:blank uInternet Settings,ProxyOverride = <local> IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\Agando\AppData\Local\Temp\ie_script.htm Trusted Zone: aeriagames.com TCP: DhcpNameServer = 192.168.192.1 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,e8,b5,d7,c7,40,eb,4a,9a,6c,6d,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,e8,b5,d7,c7,40,eb,4a,9a,6c,6d,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32] @DACL=(02 0000) @=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-04-03 18:27:22 ComboFix-quarantined-files.txt 2015-04-03 16:27 ComboFix2.txt 2015-04-03 15:45 . Vor Suchlauf: 15 Verzeichnis(se), 249.291.841.536 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 249.227.153.408 Bytes frei . - - End Of File - - 5EA8716CBB8E98C04FD2AFA1EBA9A925 A36C5E4F47E84449FF07ED3517B43A31 |
04.04.2015, 10:33 | #9 |
/// the machine /// TB Trainer | Windows 7: Websites are being redirected to Russian advertising. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.04.2015, 12:14 | #10 |
| Windows 7: Websites are being redirected to Russian advertising. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.04.2015 Suchlauf-Zeit: 12:07:27 Logdatei: mbam-log.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.04.04.02 Rootkit Datenbank: v2015.03.31.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Agando Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 353616 Verstrichene Zeit: 9 Min, 49 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 2 PUP.Optional.OpenCandy, C:\Users\Agando\AppData\Roaming\OpenCandy, In Quarantäne, [9af8e0882169af875937b4cc26dd7d83], PUP.Optional.OpenCandy, C:\Users\Agando\AppData\Roaming\OpenCandy\1F9BD4E29AE6449EAF04DE43C8AC2034, In Quarantäne, [9af8e0882169af875937b4cc26dd7d83], Dateien: 4 PUP.Optional.AZLyrics.A, C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, In Quarantäne, [b7db97d134565adcc38ab3179f6409f7], PUP.Optional.AZLyrics.A, C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, In Quarantäne, [771bf870503a3bfbc588e9e1d52e7f81], PUP.Optional.OpenCandy, C:\Users\Agando\AppData\Roaming\OpenCandy\1F9BD4E29AE6449EAF04DE43C8AC2034\du.exe, In Quarantäne, [9af8e0882169af875937b4cc26dd7d83], PUP.Optional.OpenCandy, C:\Users\Agando\AppData\Roaming\OpenCandy\1F9BD4E29AE6449EAF04DE43C8AC2034\TuneUpUtilities2014_de-DE_2200564.exe, In Quarantäne, 
[9af8e0882169af875937b4cc26dd7d83], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter # AdwCleaner v4.200 - Bericht erstellt 04/04/2015 um 13:00:59 # Aktualisiert 29/03/2015 von Xplode # Datenbank : 2015-03-29.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Agando - AGANDO-PC # Gestarted von : C:\Users\Agando\Downloads\AdwCleaner_4.200.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gelöscht : HKCU\Software\<a href="hxxp://cityadspix.com/tsclick-FDQCWPPK-JHFDQDB0?url=http%3A%2F%2Fwww.svyaznoy.ru%2Fcatalog%2Fgamepad%2F7791%2F1772740&sa=mh&sa1=&sa2=&sa3=&sa4=&sa5=&bt=20&pt=9<=2&tl=3&im=NTY1LTAtMTQyODE0NjA4Ny0xNzM3NDEzMQ%3D%3D&fid=NDQ1NzU2Nzc1&prdct=053100320a380a3505&kw=Microsoft%5CWindows" target="_blank" alt="Microsoft Xbox 360 Controller for Windows" title="Microsoft Xbox 360 Controller for Windows" style="">Microsoft\Windows</a>\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17420 -\\ Mozilla Firefox v -\\ Google Chrome v41.0.2272.118 [C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420003924&from=cvs2&uid=WDCXWD5000AAKX-22ERMA0_WD-WCC2EJUCY2SHCY2SH&q={searchTerms} ************************* AdwCleaner[R0].txt - [3027 Bytes] - [21/03/2015 11:38:15] AdwCleaner[R1].txt - [1286 Bytes] - [04/04/2015 12:59:30] AdwCleaner[S0].txt - [3012 Bytes] - [21/03/2015 11:44:34] AdwCleaner[S1].txt - [1206 Bytes] - [04/04/2015 13:00:59] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1265 Bytes] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Agando on 04.04.2015 at 13:09:33,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2015 at 13:13:03,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I don't like that it is showing up again now ^^ www.svyaznoy.ru seems to be a good find for my problem ^^ but it still isn't fixed :/ I was just briefly on the Mediamarkt website and then the advertising appeared at the top again. I would like to say thank you already for the help so far ^^ Edited by Caladrius (04.04.2015 at 12:30) |
04.04.2015, 20:06 | #11 |
/// the machine /// TB Trainer | Windows 7: Websites are being redirected to Russian advertising. The fresh FRST log is still missing.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.04.2015, 13:35 | #12 |
| Windows 7: Websites are being redirected to Russian advertising. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Agando (administrator) on AGANDO-PC on 05-04-2015 14:33:44 Running from C:\Users\Agando\Downloads Loaded Profiles: Agando (Available profiles: Agando) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe () C:\Program Files (x86)\GameforgeLive\gfl_client.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin (Microsoft Corporation) C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-22] (Avast Software s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3527986853-237272119-1680365976-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:64861;https=127.0.0.1:64861 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://terra.im/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3527986853-237272119-1680365976-1000 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-22] (Avast Software s.r.o.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-22] (Avast Software s.r.o.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 FireFox: ======== FF ProfilePath: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default FF Homepage: hxxp://terra.im/ FF DefaultSearchEngine: terra.im FF SelectedSearchEngine: terra.im FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web 
Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\searchplugins\defaultsearch.xml [2015-02-01] FF Extension: Avira Browser Safety - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\Extensions\abs@avira.com [2014-10-21] FF Extension: Amazon-Icon - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\Extensions\amazon-icon@giga.de [2014-10-29] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-22] Chrome: ======= CHR HomePage: Default -> https://www.google.de/ CHR StartupUrls: Default -> "https://www.google.de/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-31] CHR Extension: (Google Docs) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-31] CHR Extension: (Google Drive) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-31] CHR Extension: (YouTube) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-31] CHR Extension: (Google Search) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-31] CHR Extension: (Google Sheets) - 
C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-31] CHR Extension: (Avast Online Security) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04] CHR Extension: (Skype Click to Call) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-31] CHR Extension: (Google Wallet) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-31] CHR Extension: (WallPepper ВКонтакте) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pepjgkdpkihjnbdaggonbpphlfkbhdli [2015-02-01] CHR Extension: (Gmail) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-31] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-22] (Avast Software s.r.o.) R2 avast! 
Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-03-22] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-22] (Avast Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-20] (Electronic Arts) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-22] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-03-22] (Avast Software s.r.o.) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-22] (Avast Software s.r.o.) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-03-22] (Avast Software s.r.o.) 
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-22] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-22] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-22] (Avast Software s.r.o.) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-22] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-22] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-04] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 scramby; C:\Windows\System32\drivers\scramby.sys [29480 2007-02-13] (RapidSolution Software AG) S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [34336 2007-08-08] (RapidSolution Software AG) R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-22] (Avast Software) S3 wolfkr; C:\Windows\system32\wolfk64.sys [86352 2014-12-20] () S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-05 00:32 - 2015-04-05 00:32 - 00214323 _____ () C:\Users\Agando\Desktop\Fiat.jpeg 2015-04-05 00:32 - 2015-04-05 00:32 - 00093167 _____ () C:\Users\Agando\Desktop\Fressnapf.jpeg 2015-04-05 00:32 - 2015-04-05 00:32 - 00082823 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel 2015-04-05 00:32 - 2015-04-05 00:32 - 00038296 _____ () C:\Users\Agando\Desktop\Zeugnis.jpeg 2015-04-05 00:14 - 2015-04-05 00:14 - 00000098 ____H () C:\Users\Agando\Desktop\.~lock.Bewerbung rewe.doc# 2015-04-05 00:02 - 2015-04-05 00:03 - 00000000 ____D () C:\Users\Agando\Desktop\Neuer Ordner 2015-04-04 23:44 - 2015-04-04 23:44 - 00016368 _____ () C:\Users\Agando\Desktop\Bewerbung rewe.odt 2015-04-04 18:04 - 2015-04-04 18:04 - 00025040 _____ () C:\Users\Agando\Desktop\Lebenslauf.odt 2015-04-04 13:13 - 2015-04-04 13:13 - 00000696 _____ () C:\Users\Agando\Desktop\JRT.txt 2015-04-04 13:09 - 2015-04-04 13:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-AGANDO-PC-Windows-7-Home-Premium-(64-bit).dat 2015-04-04 13:09 - 2015-04-04 13:09 - 00000000 ____D () C:\RegBackup 2015-04-04 13:08 - 2015-04-04 13:08 - 02690981 _____ (Thisisu) C:\Users\Agando\Downloads\JRT.exe 2015-04-04 12:53 - 2015-04-04 12:53 - 02208768 _____ () C:\Users\Agando\Downloads\AdwCleaner_4.200.exe 2015-04-04 12:06 - 2015-04-04 12:06 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-04 12:06 - 2015-04-04 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-04 12:05 - 2015-04-04 12:05 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Agando\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-04 12:05 - 2015-04-04 12:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-04-04 12:05 - 2015-03-17 06:15 - 
00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-04 12:05 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-04 02:27 - 2015-04-04 02:27 - 00000914 _____ () C:\Users\Agando\Desktop\Wörter.txt 2015-04-04 02:27 - 2015-04-04 02:27 - 00000261 _____ () C:\Users\Agando\Desktop\Engel.txt 2015-04-04 00:28 - 2015-04-04 00:28 - 00001020 _____ () C:\Users\Agando\Desktop\vergangenheit.txt 2015-04-03 18:27 - 2015-04-03 18:27 - 00017165 _____ () C:\ComboFix.txt 2015-04-03 17:30 - 2015-04-03 17:30 - 00013336 _____ () C:\Users\Agando\Desktop\ComboFix - Verknüpfung.lnk 2015-04-03 17:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-04-03 17:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-04-03 17:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-04-03 17:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-04-03 17:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-04-03 17:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-04-03 17:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-04-03 17:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-04-03 15:59 - 2015-04-03 18:27 - 00000000 ____D () C:\Qoobox 2015-04-03 15:58 - 2015-04-03 17:44 - 00000000 ____D () C:\Windows\erdnt 2015-04-03 15:57 - 2015-04-03 17:27 - 05617096 ____R (Swearware) C:\Users\Agando\Downloads\ComboFix.exe 2015-04-01 16:13 - 2015-04-01 16:13 - 00072110 _____ () C:\Users\Agando\Desktop\TDSSKiller.3.0.0.44_01.04.2015_15.17.05_log.zip 2015-04-01 15:10 - 2015-04-01 15:10 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Agando\Downloads\tdsskiller.exe 2015-04-01 14:49 - 2015-04-04 12:34 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-01 14:49 - 2015-04-01 15:05 - 00000000 ____D () C:\Users\Agando\Desktop\mbar 2015-04-01 14:49 
- 2015-04-01 15:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-04-01 14:49 - 2015-04-01 14:49 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Agando\Downloads\mbar-1.09.1.1004.exe 2015-04-01 14:49 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-01 13:13 - 2015-04-01 13:40 - 00014066 _____ () C:\Users\Agando\Desktop\Gmer.log 2015-04-01 13:03 - 2015-04-01 13:03 - 00380416 _____ () C:\Users\Agando\Downloads\Gmer-19357.exe 2015-04-01 13:00 - 2015-04-01 13:00 - 00029297 _____ () C:\Users\Agando\Desktop\Addition.txt 2015-04-01 12:57 - 2015-04-01 12:57 - 00036862 _____ () C:\Users\Agando\Desktop\FRST.txt 2015-04-01 12:55 - 2015-04-01 12:55 - 00029297 _____ () C:\Users\Agando\Downloads\Addition.txt 2015-04-01 12:54 - 2015-04-05 14:33 - 00019066 _____ () C:\Users\Agando\Downloads\FRST.txt 2015-04-01 12:53 - 2015-04-05 14:33 - 00000000 ____D () C:\FRST 2015-04-01 12:53 - 2015-04-01 12:53 - 02095616 _____ (Farbar) C:\Users\Agando\Downloads\FRST64.exe 2015-04-01 12:52 - 2015-04-01 12:52 - 00000000 _____ () C:\Users\Agando\defogger_reenable 2015-04-01 12:48 - 2015-04-01 12:48 - 00050477 _____ () C:\Users\Agando\Downloads\Defogger (1).exe 2015-04-01 12:45 - 2015-04-01 12:52 - 00000474 _____ () C:\Users\Agando\Desktop\defogger_disable.log 2015-04-01 12:45 - 2015-04-01 12:48 - 00000246 _____ () C:\Users\Agando\Downloads\defogger_enable.log 2015-04-01 12:44 - 2015-04-01 12:44 - 00050477 _____ () C:\Users\Agando\Downloads\Defogger.exe 2015-03-31 14:54 - 2015-03-31 14:54 - 00000000 ____D () C:\Users\Agando\Downloads\Gameforge Live 2015-03-30 18:36 - 2015-03-30 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II 2015-03-30 18:30 - 2015-04-03 20:01 - 00000000 ____D () C:\Diablo II 2015-03-30 18:03 - 2015-03-30 18:17 - 00000000 ____D () C:\Users\Agando\D2LOD-1.12A-deDE 2015-03-30 18:01 - 2015-03-30 18:20 - 00000000 ____D () 
C:\Users\Agando\D2-1.12A-enGB 2015-03-25 16:50 - 2015-03-25 16:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-03-25 10:42 - 2015-03-25 10:42 - 00000000 ____D () C:\Users\Agando\AppData\Local\Avg2014 2015-03-24 19:46 - 2015-03-24 19:46 - 00000000 ____D () C:\Users\Agando\Documents\Abelssoft 2015-03-24 08:41 - 2015-03-24 08:41 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\TuneUp Software 2015-03-24 08:41 - 2015-03-24 08:41 - 00000000 ____D () C:\Users\Agando\AppData\Local\TuneUp Software 2015-03-24 08:38 - 2015-03-25 16:48 - 00000000 ____D () C:\Program Files\Image-Line 2015-03-24 08:38 - 2015-03-24 11:05 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Users\Agando\Documents\Image-Line 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\Common Files\VST2 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files (x86)\VstPlugins 2015-03-24 08:37 - 2015-03-25 16:48 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2015-03-24 08:37 - 2015-03-24 08:37 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics 2015-03-24 08:31 - 2015-03-24 08:37 - 00000000 ____D () C:\Program Files (x86)\Image-Line 2015-03-23 16:06 - 2015-04-02 18:13 - 00000000 ____D () C:\Temp 2015-03-22 18:59 - 2015-03-22 18:59 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\AVAST Software 2015-03-22 18:56 - 2015-03-22 18:56 - 00001982 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk 2015-03-22 18:56 - 2015-03-22 18:56 - 00001922 _____ () C:\Users\Public\Desktop\Avast Premier.lnk 2015-03-22 18:56 - 2015-03-22 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-03-22 
18:54 - 2015-03-24 07:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-03-22 18:54 - 2015-03-22 18:54 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-03-22 18:54 - 2015-03-22 18:54 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-03-22 18:54 - 2015-03-22 18:53 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-03-22 18:54 - 2015-03-22 18:53 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys 2015-03-22 18:53 - 2015-03-22 18:53 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys 2015-03-22 18:53 - 2015-03-22 18:53 - 00043112 _____ (Avast Software s.r.o.) 
C:\Windows\avastSS.scr 2015-03-22 18:52 - 2015-03-22 18:52 - 00000000 ____D () C:\Program Files\AVAST Software 2015-03-22 18:32 - 2015-04-04 13:02 - 00103206 _____ () C:\Windows\PFRO.log 2015-03-22 09:05 - 2015-03-22 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2 2015-03-22 08:57 - 2015-03-22 08:57 - 00001067 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk 2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\Users\Agando\AppData\Local\Gameforge4d 2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live 2015-03-22 08:49 - 2015-03-22 08:49 - 00000000 ____D () C:\Users\Agando\Documents\telltale games 2015-03-22 08:49 - 2015-03-22 08:49 - 00000000 ____D () C:\Users\Agando\Documents\my games 2015-03-21 19:45 - 2015-04-01 14:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-21 11:49 - 2015-04-04 13:02 - 00002175 _____ () C:\Windows\setupact.log 2015-03-21 11:49 - 2015-03-21 11:49 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-21 11:38 - 2015-04-04 13:01 - 00000000 ____D () C:\AdwCleaner 2015-03-21 08:08 - 2015-03-25 17:03 - 00000000 ____D () C:\Users\Agando\AppData\Local\FreeSystemUtilities 2015-03-20 18:17 - 2015-03-20 18:17 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-03-20 18:16 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-03-20 18:13 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-03-20 18:13 - 
2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-03-20 18:13 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00354112 _____ 
(NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-03-14 20:35 - 2015-03-14 22:00 - 00000000 ____D () C:\Users\Agando\AppData\Local\PAYDAY 2 2015-03-11 10:48 - 2015-03-11 10:48 - 00000000 ___RD () C:\MSOCache 2015-03-10 18:22 - 2015-03-10 18:22 - 00000000 _____ () C:\Windows\SysWOW64\sho4835.tmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-05 14:21 - 2014-12-31 11:11 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-05 11:47 - 2014-10-20 12:45 - 01445183 _____ () C:\Windows\WindowsUpdate.log 2015-04-05 05:57 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-05 05:57 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-05 03:01 - 2014-10-21 22:13 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\TS3Client 2015-04-05 00:33 - 2014-11-08 06:29 - 00000000 ____D () C:\Users\Agando\.gimp-2.8 2015-04-05 00:32 - 2014-11-08 06:42 - 00000000 ____D () C:\Users\Agando\AppData\Local\gtk-2.0 2015-04-04 23:44 - 2014-12-28 07:15 - 00000000 ____D () C:\Users\Agando\Documents\Text 2015-04-04 18:48 - 2014-11-09 04:13 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Audacity 2015-04-04 18:21 - 2014-12-31 11:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-04 13:08 - 2011-04-12 09:43 - 00699542 _____ () 
C:\Windows\system32\perfh007.dat 2015-04-04 13:08 - 2011-04-12 09:43 - 00149424 _____ () C:\Windows\system32\perfc007.dat 2015-04-04 13:08 - 2009-07-14 07:13 - 01620888 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-04 13:02 - 2014-10-20 13:10 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-04 13:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-04 12:21 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker 2015-04-03 18:25 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-04-03 17:45 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2015-04-03 17:26 - 2014-10-21 14:31 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-01 14:09 - 2014-12-15 02:00 - 00000000 ____D () C:\Users\Agando\Desktop\Ordner 2015-04-01 12:52 - 2014-10-20 12:51 - 00000000 ____D () C:\Users\Agando 2015-03-30 18:32 - 2014-10-25 02:12 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-03-28 22:08 - 2014-10-21 15:08 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-28 05:44 - 2014-10-20 13:10 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-03-28 05:44 - 2014-10-20 13:10 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-03-28 05:43 - 2014-10-20 13:10 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-03-28 05:43 - 2014-10-20 13:10 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-03-25 17:08 - 2014-12-13 22:29 - 00000000 ____D () C:\Users\Agando\AppData\Local\Akamai 2015-03-25 17:03 - 2015-01-02 21:39 - 00000000 ____D () C:\ProgramData\FreeSystemUtilities 2015-03-25 15:02 - 2014-11-13 23:03 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Skype 2015-03-24 19:45 - 2014-11-02 01:06 - 00000000 ____D () C:\Users\Agando\AppData\Local\Abelssoft 2015-03-24 15:29 - 2014-10-20 12:51 - 00000000 ____D () C:\Users\Agando\AppData\Local\VirtualStore 2015-03-23 17:26 - 
2015-02-14 14:06 - 00000000 ____D () C:\Program Files (x86)\phase5 2015-03-23 08:05 - 2014-11-08 05:52 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\OBS 2015-03-23 03:23 - 2015-02-01 05:36 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\newSI_620 2015-03-22 19:12 - 2014-11-13 23:03 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-03-22 19:12 - 2014-11-13 23:03 - 00000000 ____D () C:\ProgramData\Skype 2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\Program Files\WinRAR 2015-03-22 18:51 - 2015-01-01 15:02 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-03-22 08:57 - 2014-12-27 23:54 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2015-03-21 11:44 - 2014-10-20 12:51 - 00000997 _____ () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-21 09:05 - 2014-11-08 05:02 - 00000000 ____D () C:\Users\Agando\AppData\Local\Windows Live 2015-03-21 08:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-03-21 08:24 - 2014-10-21 15:19 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2015-03-21 08:13 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2015-03-21 07:38 - 2014-10-30 15:11 - 00000000 ____D () C:\Fraps 2015-03-21 06:44 - 2014-11-02 01:06 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater 2015-03-20 19:53 - 2014-11-08 05:51 - 00000000 ____D () C:\Program Files (x86)\OBS 2015-03-20 18:17 - 2014-10-20 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-03-20 18:17 - 2014-10-20 13:09 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-03-20 18:14 - 2014-10-20 13:07 - 00000000 ____D () C:\Program 
Files\NVIDIA Corporation 2015-03-19 10:32 - 2014-11-08 15:49 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\SoftGrid Client 2015-03-13 21:41 - 2015-01-01 15:12 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-03-13 21:41 - 2014-10-21 14:22 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-03-13 21:41 - 2014-10-21 14:22 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-03-13 21:41 - 2014-10-21 14:22 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-03-13 21:41 - 2014-10-20 13:09 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-03-13 21:41 - 2014-10-20 13:09 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-03-13 21:41 - 2014-10-20 13:08 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-03-13 21:41 - 2014-10-20 13:08 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-03-13 21:41 - 2014-10-20 13:08 - 00027441 _____ () C:\Windows\system32\nvinfo.pb 2015-03-13 18:16 - 2014-10-20 13:09 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-03-13 18:16 - 2014-10-20 13:09 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-03-13 18:16 - 2014-10-20 13:09 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-03-13 18:16 - 2014-10-20 13:09 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-03-13 18:16 - 2014-10-20 13:09 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-03-13 18:16 - 2014-10-20 13:09 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-03-11 15:10 - 2014-10-20 13:09 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin ==================== Files in the root of some directories ======= 2015-04-05 00:32 - 2015-04-05 00:32 - 0082823 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel Some content of TEMP: ==================== 
C:\Users\Agando\AppData\Local\Temp\Quarantine.exe C:\Users\Agando\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-04 16:24 ==================== End Of Log ============================ |
05.04.2015, 17:00 | #13 |
/// the machine /// TB trainer | Windows 7: Websites are redirected to Russian advertising. In which browser do you still have problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.04.2015, 18:13 | #14 |
| Windows 7: Websites are redirected to Russian advertising. I only use Google Chrome, and since the ads only show up sometimes, I have no idea whether it still happens in the other browsers at all. |
06.04.2015, 10:44 | #15 |
/// the machine /// TB trainer | Windows 7: Websites are redirected to Russian advertising. Revo Uninstaller - Download - Filepony: use it to uninstall Chrome, keep no data, have the leftovers removed, then reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?