Log analysis and evaluation: Windows 7: Web pages are redirected to Russian advertising.

01.04.2015, 13:38   #1
Caladrius
 

Hello,
for a few days now I have had the problem that when I browse the Internet, on some pages that contain nothing special, Russian advertising suddenly appears at the top edge of the browser; it then shows e.g. r.proxyloads.ru when I hover the mouse over the ad.
Sometimes a Russian online shop also opens when I click on links or simply click on an empty area of the web page.

(I could not find the Avast log files, so I have attached a picture of the container and hope that is all right.)

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Agando (administrator) on AGANDO-PC on 01-04-2015 12:54:31
Running from C:\Users\Agando\Downloads
Loaded Profiles: Agando (Available profiles: Agando)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
() C:\Program Files (x86)\GameforgeLive\gfl_client.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-22] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64861;https=127.0.0.1:64861
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://terra.im/
HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://terra.im/
HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://terra.im/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3527986853-237272119-1680365976-1000 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-22] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-22] (Avast Software s.r.o.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF ProfilePath: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default
FF Homepage: hxxp://terra.im/
FF DefaultSearchEngine: terra.im
FF SelectedSearchEngine: terra.im
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\searchplugins\defaultsearch.xml [2015-02-01]
FF Extension: Avira Browser Safety - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\Extensions\abs@avira.com [2014-10-21]
FF Extension: Amazon-Icon - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\Extensions\amazon-icon@giga.de [2014-10-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-22]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-31]
CHR Extension: (Google Docs) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-31]
CHR Extension: (Google Drive) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-31]
CHR Extension: (YouTube) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-31]
CHR Extension: (Google Search) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-31]
CHR Extension: (Google Sheets) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-31]
CHR Extension: (Avast Online Security) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-31]
CHR Extension: (Google Wallet) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-31]
CHR Extension: (WallPepper ВКонтакте) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pepjgkdpkihjnbdaggonbpphlfkbhdli [2015-02-01]
CHR Extension: (Gmail) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-22] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-03-22] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-22] (Avast Software)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-20] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-03-22] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-22] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-03-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-22] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 scramby; C:\Windows\System32\drivers\scramby.sys [29480 2007-02-13] (RapidSolution Software AG)
S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [34336 2007-08-08] (RapidSolution Software AG)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-22] (Avast Software)
S3 wolfkr; C:\Windows\system32\wolfk64.sys [86352 2014-12-20] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 12:54 - 2015-04-01 12:54 - 00018426 _____ () C:\Users\Agando\Downloads\FRST.txt
2015-04-01 12:53 - 2015-04-01 12:54 - 00000000 ____D () C:\FRST
2015-04-01 12:53 - 2015-04-01 12:53 - 02095616 _____ (Farbar) C:\Users\Agando\Downloads\FRST64.exe
2015-04-01 12:52 - 2015-04-01 12:52 - 00000000 _____ () C:\Users\Agando\defogger_reenable
2015-04-01 12:48 - 2015-04-01 12:48 - 00050477 _____ () C:\Users\Agando\Downloads\Defogger (1).exe
2015-04-01 12:45 - 2015-04-01 12:52 - 00000474 _____ () C:\Users\Agando\Downloads\defogger_disable.log
2015-04-01 12:45 - 2015-04-01 12:48 - 00000246 _____ () C:\Users\Agando\Downloads\defogger_enable.log
2015-04-01 12:44 - 2015-04-01 12:44 - 00050477 _____ () C:\Users\Agando\Downloads\Defogger.exe
2015-04-01 12:25 - 2015-04-01 12:25 - 00089546 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel
2015-03-31 14:54 - 2015-03-31 14:54 - 00000000 ____D () C:\Users\Agando\Downloads\Gameforge Live
2015-03-30 18:36 - 2015-03-30 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2015-03-30 18:30 - 2015-03-31 23:05 - 00000000 ____D () C:\Diablo II
2015-03-30 18:03 - 2015-03-30 18:17 - 00000000 ____D () C:\Users\Agando\D2LOD-1.12A-deDE
2015-03-30 18:01 - 2015-03-30 18:20 - 00000000 ____D () C:\Users\Agando\D2-1.12A-enGB
2015-03-25 16:50 - 2015-03-25 16:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-25 10:42 - 2015-03-25 10:42 - 00000000 ____D () C:\Users\Agando\AppData\Local\Avg2014
2015-03-24 19:46 - 2015-03-24 19:46 - 00000000 ____D () C:\Users\Agando\Documents\Abelssoft
2015-03-24 08:41 - 2015-03-24 08:41 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\TuneUp Software
2015-03-24 08:41 - 2015-03-24 08:41 - 00000000 ____D () C:\Users\Agando\AppData\Local\TuneUp Software
2015-03-24 08:38 - 2015-03-25 16:48 - 00000000 ____D () C:\Program Files\Image-Line
2015-03-24 08:38 - 2015-03-24 11:05 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Users\Agando\Documents\Image-Line
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\OpenCandy
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\Common Files\VST2
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2015-03-24 08:37 - 2015-03-25 16:48 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-03-24 08:37 - 2015-03-24 08:37 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2015-03-24 08:31 - 2015-03-24 08:37 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2015-03-23 16:06 - 2015-03-29 19:15 - 00000000 ____D () C:\Temp
2015-03-22 18:59 - 2015-03-22 18:59 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\AVAST Software
2015-03-22 18:56 - 2015-03-22 18:56 - 00001982 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-03-22 18:56 - 2015-03-22 18:56 - 00001922 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
2015-03-22 18:56 - 2015-03-22 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-22 18:54 - 2015-03-24 07:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-22 18:54 - 2015-03-22 18:54 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-22 18:54 - 2015-03-22 18:54 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-22 18:54 - 2015-03-22 18:54 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-22 18:54 - 2015-03-22 18:54 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-22 18:54 - 2015-03-22 18:54 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-22 18:54 - 2015-03-22 18:54 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-22 18:54 - 2015-03-22 18:54 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-22 18:54 - 2015-03-22 18:54 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-22 18:54 - 2015-03-22 18:53 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-22 18:54 - 2015-03-22 18:53 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-03-22 18:53 - 2015-03-22 18:53 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-03-22 18:53 - 2015-03-22 18:53 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-22 18:52 - 2015-03-22 18:52 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-22 18:32 - 2015-03-30 21:08 - 00094108 _____ () C:\Windows\PFRO.log
2015-03-22 09:05 - 2015-03-22 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2015-03-22 08:57 - 2015-03-22 08:57 - 00001067 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\Users\Agando\AppData\Local\Gameforge4d
2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-03-22 08:49 - 2015-03-22 08:49 - 00000000 ____D () C:\Users\Agando\Documents\telltale games
2015-03-22 08:49 - 2015-03-22 08:49 - 00000000 ____D () C:\Users\Agando\Documents\my games
2015-03-21 19:45 - 2015-03-21 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-21 11:49 - 2015-03-30 21:44 - 00001335 _____ () C:\Windows\setupact.log
2015-03-21 11:49 - 2015-03-21 11:49 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-21 11:38 - 2015-03-21 11:44 - 00000000 ____D () C:\AdwCleaner
2015-03-21 08:08 - 2015-03-25 17:03 - 00000000 ____D () C:\Users\Agando\AppData\Local\FreeSystemUtilities
2015-03-20 18:17 - 2015-03-20 18:17 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-20 18:16 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-20 18:13 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-20 18:13 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-14 20:35 - 2015-03-14 22:00 - 00000000 ____D () C:\Users\Agando\AppData\Local\PAYDAY 2
2015-03-11 10:48 - 2015-03-11 10:48 - 00000000 __RHD () C:\MSOCache
2015-03-10 18:22 - 2015-03-10 18:22 - 00000000 _____ () C:\Windows\SysWOW64\sho4835.tmp
2015-03-03 13:52 - 2015-03-03 13:52 - 00000000 ____D () C:\Windows\SysWOW64\䙔䵁

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 12:52 - 2014-10-20 12:51 - 00000000 ____D () C:\Users\Agando
2015-04-01 12:39 - 2014-10-21 22:13 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\TS3Client
2015-04-01 12:33 - 2014-12-15 02:00 - 00000000 ____D () C:\Users\Agando\Desktop\Ordner
2015-04-01 12:25 - 2014-11-08 06:29 - 00000000 ____D () C:\Users\Agando\.gimp-2.8
2015-04-01 12:21 - 2014-12-31 11:11 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 07:22 - 2014-10-20 12:45 - 01406622 _____ () C:\Windows\WindowsUpdate.log
2015-03-31 18:21 - 2014-12-31 11:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 14:53 - 2014-11-09 04:13 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Audacity
2015-03-30 21:15 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-30 21:15 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-30 21:14 - 2011-04-12 09:43 - 00699542 _____ () C:\Windows\system32\perfh007.dat
2015-03-30 21:14 - 2011-04-12 09:43 - 00149424 _____ () C:\Windows\system32\perfc007.dat
2015-03-30 21:14 - 2009-07-14 07:13 - 01620888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-30 21:08 - 2014-10-20 13:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-30 21:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-30 18:32 - 2014-10-25 02:12 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-28 22:08 - 2014-10-21 15:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-28 05:44 - 2014-10-20 13:10 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:44 - 2014-10-20 13:10 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:43 - 2014-10-20 13:10 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2014-10-20 13:10 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-25 23:14 - 2014-11-08 06:42 - 00000000 ____D () C:\Users\Agando\AppData\Local\gtk-2.0
2015-03-25 17:08 - 2014-12-13 22:29 - 00000000 ____D () C:\Users\Agando\AppData\Local\Akamai
2015-03-25 17:03 - 2015-01-02 21:39 - 00000000 ____D () C:\ProgramData\FreeSystemUtilities
2015-03-25 15:02 - 2014-11-13 23:03 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Skype
2015-03-24 19:45 - 2014-11-02 01:06 - 00000000 ____D () C:\Users\Agando\AppData\Local\Abelssoft
2015-03-24 15:29 - 2014-10-20 12:51 - 00000000 ____D () C:\Users\Agando\AppData\Local\VirtualStore
2015-03-23 17:26 - 2015-02-14 14:06 - 00000000 ____D () C:\Program Files (x86)\phase5
2015-03-23 08:05 - 2014-11-08 05:52 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\OBS
2015-03-23 03:23 - 2015-02-01 05:36 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\newSI_620
2015-03-22 19:12 - 2014-11-13 23:03 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-22 19:12 - 2014-11-13 23:03 - 00000000 ____D () C:\ProgramData\Skype
2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-22 18:51 - 2015-01-01 15:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-22 18:32 - 2014-10-21 14:32 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-22 18:30 - 2014-10-21 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-22 18:30 - 2014-10-21 14:32 - 00000000 ____D () C:\ProgramData\Avira
2015-03-22 08:57 - 2014-12-27 23:54 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2015-03-21 11:44 - 2014-10-20 12:51 - 00000997 _____ () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-21 09:05 - 2014-11-08 05:02 - 00000000 ____D () C:\Users\Agando\AppData\Local\Windows Live
2015-03-21 08:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 08:24 - 2014-10-21 15:19 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-21 08:13 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-21 07:38 - 2014-10-30 15:11 - 00000000 ____D () C:\Fraps
2015-03-21 06:55 - 2014-12-28 07:15 - 00000000 ____D () C:\Users\Agando\Documents\Text
2015-03-21 06:44 - 2014-11-02 01:06 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2015-03-20 19:53 - 2014-11-08 05:51 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-03-20 18:17 - 2014-10-20 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-20 18:17 - 2014-10-20 13:09 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-20 18:14 - 2014-10-20 13:07 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-19 10:32 - 2014-11-08 15:49 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\SoftGrid Client
2015-03-13 21:41 - 2015-01-01 15:12 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-13 21:41 - 2014-10-21 14:22 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 21:41 - 2014-10-21 14:22 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 21:41 - 2014-10-21 14:22 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-13 21:41 - 2014-10-20 13:09 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-13 21:41 - 2014-10-20 13:09 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-13 21:41 - 2014-10-20 13:08 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 21:41 - 2014-10-20 13:08 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 21:41 - 2014-10-20 13:08 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 18:16 - 2014-10-20 13:09 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 18:16 - 2014-10-20 13:09 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16 - 2014-10-20 13:09 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16 - 2014-10-20 13:09 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16 - 2014-10-20 13:09 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 18:16 - 2014-10-20 13:09 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-11 15:10 - 2014-10-20 13:09 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2015-04-01 12:25 - 2015-04-01 12:25 - 0089546 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Agando\AppData\Local\Temp\avgnt.exe
C:\Users\Agando\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Agando\AppData\Local\Temp\nvStInst.exe
C:\Users\Agando\AppData\Local\Temp\Quarantine.exe
C:\Users\Agando\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 02:13

==================== End Of Log ============================
         
--- --- ---


Addition: FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Agando at 2015-04-01 12:55:11
Running from C:\Users\Agando\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (HKLM-x32\...\{786C5747-1437-443D-B06E-79A00FE45110}) (Version: 1.0.2 - Adobe Systems)
ATI Catalyst Install Manager (HKLM\...\{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 2.01.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Premier (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.32.1010 - Electronic Arts Inc.)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
foobar2000 v1.3.7 beta 1 (HKLM-x32\...\foobar2000) (Version: 1.3.7 beta 1 - Peter Pawlowski)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free SystemUtilities (x32 Version: 1.1.0.0 - Covus Freemium GmbH) Hidden
Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - Telltale Games)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

18-03-2015 01:08:59 Geplanter Prüfpunkt
21-03-2015 08:11:07 Removed BlueStacks Notification Center
22-03-2015 12:44:23 Free System Utilities
22-03-2015 18:52:13 avast! antivirus system restore point
22-03-2015 18:55:16 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
25-03-2015 06:50:37 Windows Update
25-03-2015 16:55:03 Revo Uninstaller's restore point - Akamai NetSession Interface
25-03-2015 16:57:59 Revo Uninstaller's restore point - Akamai NetSession Interface
25-03-2015 17:00:23 Revo Uninstaller's restore point - Free System Utilities
25-03-2015 17:04:57 Revo Uninstaller's restore point - K-Lite Codec Pack 6.0.4 (Basic)
25-03-2015 17:06:08 Revo Uninstaller's restore point - Free System Utilities
25-03-2015 17:06:58 Revo Uninstaller's restore point - Need For Speed™ World
25-03-2015 17:08:05 Revo Uninstaller's restore point - Akamai NetSession Interface
25-03-2015 17:10:27 Revo Uninstaller's restore point - TuneUp Utilities 2014
30-03-2015 05:00:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B11B9F7-1207-4DB3-82A3-EE1F3C2C1154} - System32\Tasks\{15D5DB9C-F9C3-4581-AF5C-CE0CB9142560} => pcalua.exe -a "C:\Users\Agando\AppData\Local\Temp\Temp1_PPRO_2.0_Ret-NH_D.zip\Premiere Pro 2.0\Deutsch\Software van andere bedrijven\2d3 SteadyMove\setup.exe"
Task: {1E1CA1E0-E1AA-40CF-AAA9-781322D26116} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.)
Task: {202414D0-50C4-4E99-9480-A118400E1A7C} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {762A6EA6-9B8B-4FD4-8D00-607A2B8060CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7ACBC82B-81B9-416C-91A3-A396F54D5881} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-22] (Avast Software s.r.o.)
Task: {873E9D1F-88A6-4439-966D-50C6D557E0A5} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {9C49C43C-B4DD-4835-A92C-55864A558B2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.)
Task: {A61BBF30-B2CB-4638-86C5-A07C9794D87C} - System32\Tasks\{FA44342A-23DC-459A-9B56-CF34E24ECB95} => pcalua.exe -a C:\Users\Agando\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
Task: {E5D7B07E-F417-4B94-AACE-7D4ADCB4EB76} - System32\Tasks\{EB21F9EE-528A-47B0-B46A-EF0E6D1BEE06} => pcalua.exe -a C:\Users\Agando\Downloads\Arena106.exe -d C:\Users\Agando\Downloads
Task: {E8A8C3E7-1958-490D-A2B4-B4A420A7F1E6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-10-20 13:09 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-22 08:57 - 2015-02-13 13:05 - 03037736 _____ () C:\Program Files (x86)\GameforgeLive\gfl_client.exe
2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-08-04 15:43 - 2014-08-04 15:43 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 15:43 - 2014-08-04 15:43 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-08-04 15:46 - 2014-08-04 15:46 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-08-04 15:46 - 2014-08-04 15:46 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2015-03-22 18:53 - 2015-03-22 18:53 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-22 18:53 - 2015-03-22 18:53 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-30 09:57 - 2015-03-30 09:57 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15033000\algo.dll
2015-03-30 21:09 - 2015-03-30 21:09 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\15033001\algo.dll
2015-04-01 10:14 - 2015-04-01 10:14 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\15040100\algo.dll
2015-03-22 18:53 - 2015-03-22 18:53 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-22 18:53 - 2015-03-22 18:53 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll
2015-03-22 18:53 - 2015-03-22 18:53 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll
2015-03-30 21:44 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-22 08:57 - 2014-02-13 14:32 - 00088064 _____ () C:\Program Files (x86)\GameforgeLive\libgcc_s_sjlj-1.dll
2015-03-22 08:57 - 2014-02-13 14:32 - 00863744 _____ () C:\Program Files (x86)\GameforgeLive\libstdc++-6.dll
2015-03-22 08:57 - 2014-02-13 14:33 - 01765301 _____ () C:\Program Files (x86)\GameforgeLive\libgcrypt-11.dll
2015-03-22 08:57 - 2014-02-13 14:33 - 00126959 _____ () C:\Program Files (x86)\GameforgeLive\libgpg-error-0.dll
2015-03-22 08:57 - 2014-02-14 14:55 - 00530432 _____ () C:\Program Files (x86)\GameforgeLive\log4qt.dll
2015-03-22 08:57 - 2015-02-10 13:13 - 00141312 _____ () C:\Program Files (x86)\GameforgeLive\qjson.dll
2015-03-22 08:57 - 2014-02-14 15:19 - 05686669 _____ () C:\Program Files (x86)\GameforgeLive\libtorrent.dll
2015-03-22 08:57 - 2014-02-14 13:32 - 00097659 _____ () C:\Program Files (x86)\GameforgeLive\libboost_system-mgw47-mt-1_53.dll
2015-03-20 03:24 - 2015-03-14 12:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-20 03:24 - 2015-03-14 12:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-20 03:24 - 2015-03-14 12:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-20 03:24 - 2015-03-14 12:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\Users\Agando\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Agando\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\Agando\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Agando\AppData\Roaming:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.192.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3527986853-237272119-1680365976-500 - Administrator - Disabled)
Agando (S-1-5-21-3527986853-237272119-1680365976-1000 - Administrator - Enabled) => C:\Users\Agando
Gast (S-1-5-21-3527986853-237272119-1680365976-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3527986853-237272119-1680365976-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2015 09:09:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 05:00:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service TuneUp Utilities Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/30/2015 05:00:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary TuneUpUtilitiesDrv.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/28/2015 02:32:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm metin2launch.exe, Version 1.0.3400.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4624

Startzeit: 01d0694fe77aac0f

Endzeit: 6

Anwendungspfad: C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe

Berichts-ID: 6df55a0f-d546-11e4-aff6-b8975a8e4212

Error: (03/26/2015 01:40:55 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "(C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B)

Error: (03/25/2015 05:11:43 PM) (Source: MsiInstaller) (EventID: 11704) (User: Agando-PC)
Description: Produkt: TuneUp Utilities 2014 (de-DE) -- Fehler 1704. Eine Installation von TuneUp Utilities 2014 wurde unterbrochen. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, bevor Sie den Vorgang fortsetzen können. Möchten Sie diese Änderungen rückgängig machen?

Error: (03/25/2015 09:04:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2015 07:19:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2015 04:09:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm metin2launch.exe, Version 1.0.3400.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2038

Startzeit: 01d06572bd0a40f4

Endzeit: 18

Anwendungspfad: C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe

Berichts-ID: 26175037-d166-11e4-adfa-b8975a8e4212

Error: (03/23/2015 05:27:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm metin2launch.exe, Version 1.0.3400.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5b4

Startzeit: 01d065192037b28c

Endzeit: 3

Anwendungspfad: C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe

Berichts-ID: 97a6e9d9-d10c-11e4-adfa-b8975a8e4212


System errors:
=============
Error: (03/25/2015 09:04:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (03/25/2015 09:03:19 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎25.‎03.‎2015 um 07:59:56 unerwartet heruntergefahren.

Error: (03/22/2015 07:01:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (03/21/2015 11:46:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/21/2015 11:46:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Druckwarteschlange erreicht.

Error: (03/21/2015 11:46:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (03/21/2015 11:46:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/21/2015 11:46:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Service Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/21/2015 11:46:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/21/2015 11:46:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (03/30/2015 09:09:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 05:00:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service TuneUp Utilities Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/30/2015 05:00:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary TuneUpUtilitiesDrv.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/28/2015 02:32:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: metin2launch.exe1.0.3400.0462401d0694fe77aac0f6C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe6df55a0f-d546-11e4-aff6-b8975a8e4212

Error: (03/26/2015 01:40:55 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: (C:)Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B)

Error: (03/25/2015 05:11:43 PM) (Source: MsiInstaller) (EventID: 11704) (User: Agando-PC)
Description: Produkt: TuneUp Utilities 2014 (de-DE) -- Fehler 1704. Eine Installation von TuneUp Utilities 2014 wurde unterbrochen. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, bevor Sie den Vorgang fortsetzen können. Möchten Sie diese Änderungen rückgängig machen?(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/25/2015 09:04:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2015 07:19:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2015 04:09:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: metin2launch.exe1.0.3400.0203801d06572bd0a40f418C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe26175037-d166-11e4-adfa-b8975a8e4212

Error: (03/23/2015 05:27:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: metin2launch.exe1.0.3400.05b401d065192037b28c3C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe97a6e9d9-d10c-11e4-adfa-b8975a8e4212


==================== Memory info =========================== 

Processor: AMD FX(tm)-4300 Quad-Core Processor 
Percentage of memory in use: 60%
Total physical RAM: 4078.29 MB
Available physical RAM: 1595.91 MB
Total Pagefile: 8154.76 MB
Available Pagefile: 5137.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:237 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4E6C5C6A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
Gmer:

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-01 13:40:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AAKX-22ERMA0 rev.17.01H17 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Agando\AppData\Local\Temp\pxdiqpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                                                                                                fffff80002fb5000 63 bytes [43, 4D, 33, 31, 05, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592                                                                                                                                                                                                                                fffff80002fb5040 1 byte [01]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files\AVAST Software\Avast\afwServ.exe[1408] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                                                                                              00000000765b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text     C:\Program Files\AVAST Software\Avast\afwServ.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                                                   0000000076581465 2 bytes [58, 76]
.text     C:\Program Files\AVAST Software\Avast\afwServ.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                                                  00000000765814bb 2 bytes [58, 76]
.text     ...                                                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                              0000000076581465 2 bytes [58, 76]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                             00000000765814bb 2 bytes [58, 76]
.text     ...                                                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[4876] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                                                                                              00000000765b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                                                   0000000076581465 2 bytes [58, 76]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                                                  00000000765814bb 2 bytes [58, 76]
.text     ...                                                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                                    0000000076581465 2 bytes [58, 76]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                                   00000000765814bb 2 bytes [58, 76]
.text     ...                                                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[5228] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                                                                                              00000000765b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                                                   0000000076581465 2 bytes [58, 76]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                                                  00000000765814bb 2 bytes [58, 76]
.text     ...                                                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                           0000000076581465 2 bytes [58, 76]
.text     C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                          00000000765814bb 2 bytes [58, 76]
.text     ...                                                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3520] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                       00000000766c2ab1 5 bytes JMP 0000000100112ac0
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                                 0000000076581465 2 bytes [58, 76]
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                                00000000765814bb 2 bytes [58, 76]
.text     ...                                                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                                                 0000000076581465 2 bytes [58, 76]
.text     C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                                                00000000765814bb 2 bytes [58, 76]
.text     ...                                                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip7address5to_v4Ev + 102                                                                                                                                            0000000067bcf926 4 bytes [48, FD, CD, 6F]
.text     C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip7address5to_v6Ev + 110                                                                                                                                            0000000067bcfdfe 4 bytes [48, FD, CD, 6F]
.text     C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip10address_v65to_v4Ev + 86                                                                                                                                         0000000067bd0366 4 bytes [48, FD, CD, 6F]
.text     C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip6detail8endpoint9to_stringERNS_6system10error_codeE + 537                                                                                                         0000000067bd0e79 4 bytes [8C, F9, CD, 6F]
.text     C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip6detail8endpoint9to_stringERNS_6system10error_codeE + 555                                                                                                         0000000067bd0e8b 4 bytes [A0, F9, CD, 6F]
.text     ...                                                                                                                                                                                                                                                                                               * 6
.text     C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent10lazy_entry11dict_appendEPKc + 91                                                                                                                                   0000000067bec9ab 4 bytes [FC, B9, CD, 6F]
.text     C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent10lazy_entry11dict_appendEPKc + 213                                                                                                                                  0000000067beca25 4 bytes [FC, B9, CD, 6F]
.text     C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent10lazy_entry11list_appendEv + 84                                                                                                                                     0000000067becb94 4 bytes [FC, B9, CD, 6F]
.text     C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent10lazy_entry11list_appendEv + 207                                                                                                                                    0000000067becc0f 4 bytes [FC, B9, CD, 6F]
.text     C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent9file_pool9open_fileEPvRKSsN9__gnu_cxx17__normal_iteratorIPKNS_19internal_file_entryESt6vectorIS6_SaIS6_EEEERKNS_12file_storageEiRN5boost6system10error_codeE + 762  0000000067d078fa 4 bytes [FC, B9, CD, 6F]

---- EOF - GMER 2.1 ----
         
--- --- ---


defogger disable :

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:52 on 01/04/2015 (Agando)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Last edited by Caladrius (01.04.2015 at 13:43)

01.04.2015, 13:47   #2
schrauber
/// the machine
/// TB Trainer

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder unless a helper tells you to.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________

01.04.2015, 15:15   #3
Caladrius

Unfortunately the TDSSKiller log was too long, so I attached it as a zip.

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.01.07
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
Agando :: AGANDO-PC [administrator]

01.04.2015 14:54:11
mbar-log-2015-04-01 (14-54-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 346384
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
__________________

01.04.2015, 20:37   #4
schrauber
/// the machine
/// TB Trainer

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I cannot open attachments at work, thanks.

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

02.04.2015, 23:17   #5
Caladrius

Code:
15:17:05.0984 0x1594  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
15:17:23.0032 0x1594  ============================================================
15:17:23.0032 0x1594  Current date / time: 2015/04/01 15:17:23.0032
15:17:23.0032 0x1594  SystemInfo:
15:17:23.0032 0x1594  
15:17:23.0032 0x1594  OS Version: 6.1.7601 ServicePack: 1.0
15:17:23.0032 0x1594  Product type: Workstation
15:17:23.0032 0x1594  ComputerName: AGANDO-PC
15:17:23.0033 0x1594  UserName: Agando
15:17:23.0033 0x1594  Windows directory: C:\Windows
15:17:23.0033 0x1594  System windows directory: C:\Windows
15:17:23.0033 0x1594  Running under WOW64
15:17:23.0033 0x1594  Processor architecture: Intel x64
15:17:23.0033 0x1594  Number of processors: 4
15:17:23.0033 0x1594  Page size: 0x1000
15:17:23.0033 0x1594  Boot type: Normal boot
15:17:23.0033 0x1594  ============================================================
15:17:24.0609 0x1594  KLMD registered as C:\Windows\system32\drivers\27876267.sys
15:17:24.0874 0x1594  System UUID: {DF342AF6-746D-13C3-8D36-AAC5340CA0B8}
15:17:25.0394 0x1594  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:17:25.0399 0x1594  ============================================================
15:17:25.0399 0x1594  \Device\Harddisk0\DR0:
15:17:25.0399 0x1594  MBR partitions:
15:17:25.0399 0x1594  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
15:17:25.0399 0x1594  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x3A2D6000
15:17:25.0399 0x1594  ============================================================
15:17:25.0431 0x1594  C: <-> \Device\Harddisk0\DR0\Partition2
15:17:25.0431 0x1594  ============================================================
15:17:25.0431 0x1594  Initialize success
15:17:25.0431 0x1594  ============================================================
15:17:49.0294 0x1580  ============================================================
15:17:49.0294 0x1580  Scan started
15:17:49.0294 0x1580  Mode: Manual; 
15:17:49.0294 0x1580  ============================================================
15:17:49.0294 0x1580  KSN ping started
15:17:50.0470 0x1580  KSN ping finished: true
15:17:51.0271 0x1580  ================ Scan system memory ========================
15:17:51.0271 0x1580  System memory - ok
15:17:51.0272 0x1580  ================ Scan services =============================
15:17:51.0420 0x1580  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:17:51.0426 0x1580  1394ohci - ok
15:17:51.0460 0x1580  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:17:51.0468 0x1580  ACPI - ok
15:17:51.0482 0x1580  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:17:51.0483 0x1580  AcpiPmi - ok
15:17:51.0585 0x1580  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:17:51.0587 0x1580  AdobeARMservice - ok
15:17:51.0643 0x1580  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:17:51.0655 0x1580  adp94xx - ok
15:17:51.0674 0x1580  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:17:51.0681 0x1580  adpahci - ok
15:17:51.0697 0x1580  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:17:51.0701 0x1580  adpu320 - ok
15:17:51.0729 0x1580  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:17:51.0732 0x1580  AeLookupSvc - ok
15:17:51.0770 0x1580  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
15:17:51.0783 0x1580  AFD - ok
15:17:51.0798 0x1580  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:17:51.0800 0x1580  agp440 - ok
15:17:51.0820 0x1580  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
15:17:51.0822 0x1580  ALG - ok
15:17:51.0850 0x1580  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:17:51.0851 0x1580  aliide - ok
15:17:51.0860 0x1580  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:17:51.0861 0x1580  amdide - ok
15:17:51.0887 0x1580  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:17:51.0889 0x1580  AmdK8 - ok
15:17:51.0912 0x1580  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:17:51.0914 0x1580  AmdPPM - ok
15:17:51.0943 0x1580  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:17:51.0946 0x1580  amdsata - ok
15:17:51.0960 0x1580  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:17:51.0964 0x1580  amdsbs - ok
15:17:51.0982 0x1580  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:17:51.0983 0x1580  amdxata - ok
15:17:52.0022 0x1580  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
15:17:52.0024 0x1580  AppID - ok
15:17:52.0051 0x1580  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:17:52.0053 0x1580  AppIDSvc - ok
15:17:52.0081 0x1580  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
15:17:52.0083 0x1580  Appinfo - ok
15:17:52.0101 0x1580  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
15:17:52.0104 0x1580  arc - ok
15:17:52.0119 0x1580  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:17:52.0121 0x1580  arcsas - ok
15:17:52.0228 0x1580  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:17:52.0230 0x1580  aspnet_state - ok
15:17:52.0254 0x1580  [ BA4B999D245287608A79C92CDAE6F3C1, 799CC0FB185FDF3438687184944E6F6AB6EE73B3B542542D3C13C0FF1A8C0276 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
15:17:52.0255 0x1580  aswHwid - ok
15:17:52.0278 0x1580  [ 543D8AD4621A685CECBBE44BD5B71FAE, 5E8A20B4848F2AEB7BE56BA8966B961FD135433A87EC36ACAB3B63646A1DDCA8 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
15:17:52.0279 0x1580  aswKbd - ok
15:17:52.0290 0x1580  [ 245D3A0670491E1F88759EC45C9F7314, 1FFBDDDC6FCD29770B439933EEB8BE1ABA9149193932B2481720E8E9F265A797 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
15:17:52.0293 0x1580  aswMonFlt - ok
15:17:52.0329 0x1580  [ 95AAB2D70A5B8F4BDB1FF131CD726232, 8C7267BAE92FB2F31BCA7818BAC43F7E542F0E8A7405422B730DF2805CCD7FB4 ] aswNdisFlt      C:\Windows\system32\DRIVERS\aswNdisFlt.sys
15:17:52.0339 0x1580  aswNdisFlt - ok
15:17:52.0350 0x1580  [ BC18D5B42B19564BA09156410E1FB9BE, 0DA9636632462208AE4D360BFE5A8187644B036A0D43E981665D888A5363B953 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
15:17:52.0353 0x1580  aswRdr - ok
15:17:52.0359 0x1580  [ 713AFFD4E38553AEF04617C985B4030B, A09FBE4D49390024E8CF93352EACEB5AC53BEE5A4E5A76F5BE0341F8A002C4DD ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
15:17:52.0361 0x1580  aswRvrt - ok
15:17:52.0415 0x1580  [ 669F6B37965756E407B447272B5EE39F, FE2C0A8F96415191650485AED637A45B26E7B9A25A4BFB5D809844BD24FD6BA9 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
15:17:52.0449 0x1580  aswSnx - ok
15:17:52.0473 0x1580  [ 3A145C94A519E52FE7E99460DD0DF53C, 91E9544B1B72FCC32463BF34838DAA9F14DCABF3BE9FE9382087ACDB3B4FC598 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
15:17:52.0482 0x1580  aswSP - ok
15:17:52.0494 0x1580  [ 8CDA894FA86D03FB43063D5FD85EFCAE, 20D110ACC84300514557AB6E565CFA0101DA749559B52877A41A509E79314AF6 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
15:17:52.0498 0x1580  aswStm - ok
15:17:52.0513 0x1580  [ 11644D8399F4AC8BB12C2364DCB87CB4, 828C3A03AB9D5F0650C7B90B7479CCAAD586B22BB7AC6DB7C91E8D9D80427DFB ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
15:17:52.0519 0x1580  aswVmm - ok
15:17:52.0544 0x1580  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:17:52.0545 0x1580  AsyncMac - ok
15:17:52.0561 0x1580  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:17:52.0562 0x1580  atapi - ok
15:17:52.0609 0x1580  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:17:52.0635 0x1580  AudioEndpointBuilder - ok
15:17:52.0653 0x1580  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:17:52.0665 0x1580  AudioSrv - ok
15:17:52.0751 0x1580  [ 35714DC1ADD995681D890D4382C75721, C1D10F2D47D348DCEA363B676E35A363FE8FA0E24295C4AD90F7EA37826A822D ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:17:52.0757 0x1580  avast! Antivirus - ok
15:17:52.0797 0x1580  [ 9BCCEF665F197A5BBE86C679EFF608D0, 16D818E6642DD23B5915311C909E1131AA27592254ED8A6EAC59674AC80A01A0 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
15:17:52.0799 0x1580  avast! Firewall - ok
15:17:52.0966 0x1580  [ 986B03BCC7679B181EC540249956B080, 35FD1229DD016B0837A2879E685A830034DD36D5F52ECBAFA358299DCB126989 ] AvastVBoxSvc    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
15:17:53.0033 0x1580  AvastVBoxSvc - ok
15:17:53.0077 0x1580  [ 6F77BBB8FC69D26132309EB4CE7A4E0E, 39E1E20F7CE6B2A784765BB1BE3AC539EDD2889880F78D14C340129E9DB7A43E ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
15:17:53.0081 0x1580  Avira.OE.ServiceHost - ok
15:17:53.0130 0x1580  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:17:53.0134 0x1580  AxInstSV - ok
15:17:53.0179 0x1580  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:17:53.0189 0x1580  b06bdrv - ok
15:17:53.0206 0x1580  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:17:53.0213 0x1580  b57nd60a - ok
15:17:53.0248 0x1580  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:17:53.0251 0x1580  BDESVC - ok
15:17:53.0259 0x1580  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:17:53.0260 0x1580  Beep - ok
15:17:53.0314 0x1580  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
15:17:53.0340 0x1580  BFE - ok
15:17:53.0391 0x1580  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:17:53.0417 0x1580  BITS - ok
15:17:53.0439 0x1580  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:17:53.0440 0x1580  blbdrive - ok
15:17:53.0483 0x1580  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:17:53.0485 0x1580  bowser - ok
15:17:53.0516 0x1580  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:17:53.0517 0x1580  BrFiltLo - ok
15:17:53.0526 0x1580  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:17:53.0527 0x1580  BrFiltUp - ok
15:17:53.0552 0x1580  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
15:17:53.0555 0x1580  Browser - ok
15:17:53.0575 0x1580  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:17:53.0582 0x1580  Brserid - ok
15:17:53.0596 0x1580  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:17:53.0598 0x1580  BrSerWdm - ok
15:17:53.0611 0x1580  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:17:53.0612 0x1580  BrUsbMdm - ok
15:17:53.0623 0x1580  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:17:53.0624 0x1580  BrUsbSer - ok
15:17:53.0639 0x1580  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:17:53.0641 0x1580  BTHMODEM - ok
15:17:53.0689 0x1580  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
15:17:53.0692 0x1580  bthserv - ok
15:17:53.0786 0x1580  [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
15:17:53.0810 0x1580  c2cautoupdatesvc - ok
15:17:53.0868 0x1580  [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
15:17:53.0898 0x1580  c2cpnrsvc - ok
15:17:53.0935 0x1580  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:17:53.0938 0x1580  cdfs - ok
15:17:53.0970 0x1580  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:17:53.0974 0x1580  cdrom - ok
15:17:54.0009 0x1580  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:17:54.0012 0x1580  CertPropSvc - ok
15:17:54.0028 0x1580  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:17:54.0029 0x1580  circlass - ok
15:17:54.0056 0x1580  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:17:54.0065 0x1580  CLFS - ok
15:17:54.0137 0x1580  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:17:54.0139 0x1580  clr_optimization_v2.0.50727_32 - ok
15:17:54.0191 0x1580  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:17:54.0194 0x1580  clr_optimization_v2.0.50727_64 - ok
15:17:54.0245 0x1580  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:17:54.0249 0x1580  clr_optimization_v4.0.30319_32 - ok
15:17:54.0263 0x1580  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:17:54.0278 0x1580  clr_optimization_v4.0.30319_64 - ok
15:17:54.0306 0x1580  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:17:54.0307 0x1580  CmBatt - ok
15:17:54.0338 0x1580  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:17:54.0339 0x1580  cmdide - ok
15:17:54.0372 0x1580  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:17:54.0382 0x1580  CNG - ok
15:17:54.0399 0x1580  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:17:54.0400 0x1580  Compbatt - ok
15:17:54.0439 0x1580  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:17:54.0440 0x1580  CompositeBus - ok
15:17:54.0456 0x1580  COMSysApp - ok
15:17:54.0467 0x1580  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:17:54.0469 0x1580  crcdisk - ok
15:17:54.0495 0x1580  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:17:54.0499 0x1580  CryptSvc - ok
15:17:54.0600 0x1580  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:17:54.0614 0x1580  cvhsvc - ok
15:17:54.0647 0x1580  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:17:54.0665 0x1580  DcomLaunch - ok
15:17:54.0695 0x1580  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:17:54.0703 0x1580  defragsvc - ok
15:17:54.0717 0x1580  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:17:54.0720 0x1580  DfsC - ok
15:17:54.0767 0x1580  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:17:54.0775 0x1580  Dhcp - ok
15:17:54.0785 0x1580  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:17:54.0787 0x1580  discache - ok
15:17:54.0831 0x1580  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
15:17:54.0833 0x1580  Disk - ok
15:17:54.0862 0x1580  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:17:54.0867 0x1580  Dnscache - ok
15:17:54.0889 0x1580  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:17:54.0896 0x1580  dot3svc - ok
15:17:54.0911 0x1580  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
15:17:54.0916 0x1580  DPS - ok
15:17:54.0949 0x1580  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:17:54.0950 0x1580  drmkaud - ok
15:17:54.0998 0x1580  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:17:55.0032 0x1580  DXGKrnl - ok
15:17:55.0062 0x1580  EagleX64 - ok
15:17:55.0089 0x1580  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:17:55.0092 0x1580  EapHost - ok
15:17:55.0191 0x1580  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:17:55.0278 0x1580  ebdrv - ok
15:17:55.0308 0x1580  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
15:17:55.0310 0x1580  EFS - ok
15:17:55.0376 0x1580  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:17:55.0402 0x1580  ehRecvr - ok
15:17:55.0445 0x1580  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
15:17:55.0448 0x1580  ehSched - ok
15:17:55.0489 0x1580  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:17:55.0504 0x1580  elxstor - ok
15:17:55.0520 0x1580  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:17:55.0521 0x1580  ErrDev - ok
15:17:55.0559 0x1580  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
15:17:55.0569 0x1580  EventSystem - ok
15:17:55.0583 0x1580  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:17:55.0587 0x1580  exfat - ok
15:17:55.0654 0x1580  FairplayKD - ok
15:17:55.0674 0x1580  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:17:55.0679 0x1580  fastfat - ok
15:17:55.0716 0x1580  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
15:17:55.0741 0x1580  Fax - ok
15:17:55.0758 0x1580  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
15:17:55.0760 0x1580  fdc - ok
15:17:55.0769 0x1580  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
15:17:55.0770 0x1580  fdPHost - ok
15:17:55.0783 0x1580  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:17:55.0785 0x1580  FDResPub - ok
15:17:55.0797 0x1580  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:17:55.0800 0x1580  FileInfo - ok
15:17:55.0812 0x1580  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:17:55.0814 0x1580  Filetrace - ok
15:17:55.0830 0x1580  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:17:55.0831 0x1580  flpydisk - ok
15:17:55.0870 0x1580  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:17:55.0877 0x1580  FltMgr - ok
15:17:55.0934 0x1580  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
15:17:55.0969 0x1580  FontCache - ok
15:17:56.0005 0x1580  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:17:56.0007 0x1580  FontCache3.0.0.0 - ok
15:17:56.0021 0x1580  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:17:56.0023 0x1580  FsDepends - ok
15:17:56.0040 0x1580  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:17:56.0041 0x1580  Fs_Rec - ok
15:17:56.0069 0x1580  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:17:56.0074 0x1580  fvevol - ok
15:17:56.0109 0x1580  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:17:56.0111 0x1580  gagp30kx - ok
15:17:56.0234 0x1580  [ EBF714703106C1D5BC3E7B4C389A5828, D09472BCF71B58CF8F463131AD778F4D2E189047EE6B9AF088BCDE7B25398682 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
15:17:56.0254 0x1580  GfExperienceService - ok
15:17:56.0350 0x1580  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:17:56.0368 0x1580  gpsvc - ok
15:17:56.0417 0x1580  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:17:56.0420 0x1580  gupdate - ok
15:17:56.0424 0x1580  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:17:56.0426 0x1580  gupdatem - ok
15:17:56.0456 0x1580  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
15:17:56.0458 0x1580  hamachi - ok
15:17:56.0479 0x1580  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:17:56.0480 0x1580  hcw85cir - ok
15:17:56.0526 0x1580  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:17:56.0535 0x1580  HdAudAddService - ok
15:17:56.0556 0x1580  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:17:56.0559 0x1580  HDAudBus - ok
15:17:56.0571 0x1580  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:17:56.0573 0x1580  HidBatt - ok
15:17:56.0588 0x1580  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:17:56.0590 0x1580  HidBth - ok
15:17:56.0605 0x1580  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:17:56.0607 0x1580  HidIr - ok
15:17:56.0634 0x1580  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
15:17:56.0636 0x1580  hidserv - ok
15:17:56.0671 0x1580  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:17:56.0673 0x1580  HidUsb - ok
15:17:56.0682 0x1580  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:17:56.0686 0x1580  hkmsvc - ok
15:17:56.0701 0x1580  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:17:56.0708 0x1580  HomeGroupListener - ok
15:17:56.0721 0x1580  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:17:56.0727 0x1580  HomeGroupProvider - ok
15:17:56.0744 0x1580  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:17:56.0746 0x1580  HpSAMD - ok
15:17:56.0787 0x1580  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:17:56.0814 0x1580  HTTP - ok
15:17:56.0827 0x1580  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:17:56.0828 0x1580  hwpolicy - ok
15:17:56.0857 0x1580  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:17:56.0860 0x1580  i8042prt - ok
15:17:56.0887 0x1580  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:17:56.0896 0x1580  iaStorV - ok
15:17:56.0953 0x1580  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:17:56.0979 0x1580  idsvc - ok
15:17:57.0006 0x1580  IEEtwCollectorService - ok
15:17:57.0021 0x1580  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:17:57.0023 0x1580  iirsp - ok
15:17:57.0062 0x1580  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
15:17:57.0088 0x1580  IKEEXT - ok
15:17:57.0239 0x1580  [ 6BDCC85422817FA53CD705ADE312CE6A, 2EBEDF34493B4AE34442A89ACBCDB2C39447F21FBB015BDD7935DE95DD217CD0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:17:57.0363 0x1580  IntcAzAudAddService - ok
15:17:57.0390 0x1580  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:17:57.0391 0x1580  intelide - ok
15:17:57.0416 0x1580  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
15:17:57.0418 0x1580  intelppm - ok
15:17:57.0436 0x1580  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:17:57.0440 0x1580  IPBusEnum - ok
15:17:57.0458 0x1580  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:17:57.0460 0x1580  IpFilterDriver - ok
15:17:57.0495 0x1580  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:17:57.0511 0x1580  iphlpsvc - ok
15:17:57.0527 0x1580  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:17:57.0530 0x1580  IPMIDRV - ok
15:17:57.0545 0x1580  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:17:57.0548 0x1580  IPNAT - ok
15:17:57.0567 0x1580  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:17:57.0568 0x1580  IRENUM - ok
15:17:57.0578 0x1580  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:17:57.0579 0x1580  isapnp - ok
15:17:57.0604 0x1580  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:17:57.0610 0x1580  iScsiPrt - ok
15:18:00.0488 0x1580  Scan was interrupted by user!
15:18:00.0488 0x1580  Waiting for KSN requests completion. In queue: 197
15:18:01.0488 0x1580  Waiting for KSN requests completion. In queue: 197
15:18:02.0509 0x1580  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2214.845 ), 0x41000 ( enabled : updated )
15:18:02.0511 0x1580  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2214.845 ), 0x41010 ( enabled )
15:18:03.0649 0x1580  ============================================================
15:18:03.0649 0x1580  Scan finished
15:18:03.0649 0x1580  ============================================================
15:18:03.0654 0x1b78  Detected object count: 0
15:18:03.0654 0x1b78  Actual detected object count: 0
15:18:22.0445 0x1b98  ============================================================
15:18:22.0445 0x1b98  Scan started
15:18:22.0445 0x1b98  Mode: Manual; SigCheck; TDLFS; 
15:18:22.0445 0x1b98  ============================================================
15:18:22.0445 0x1b98  KSN ping started
15:18:23.0549 0x1b98  KSN ping finished: true
15:18:23.0897 0x1b98  ================ Scan system memory ========================
15:18:23.0897 0x1b98  System memory - ok
15:18:23.0898 0x1b98  ================ Scan services =============================
         


03.04.2015, 01:42   #6
Caladrius

Windows 7: Web pages are redirected to Russian advertising.



Code:
ATTFilter
15:18:37.0997 0x1b98  ohci1394 - ok
15:18:38.0092 0x1b98  [ EF8DA126239D08B7B4734256417AE702, 4BBA0577C20E851F5B30D0D0F19382AB32AF57EFF7AA5B394E0FF6358A7AB287 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
15:18:38.0180 0x1b98  Origin Client Service - ok
15:18:38.0213 0x1b98  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:18:38.0226 0x1b98  ose - ok
15:18:38.0396 0x1b98  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:18:38.0558 0x1b98  osppsvc - ok
15:18:38.0597 0x1b98  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:18:38.0644 0x1b98  p2pimsvc - ok
15:18:38.0668 0x1b98  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
15:18:38.0697 0x1b98  p2psvc - ok
15:18:38.0733 0x1b98  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:18:38.0769 0x1b98  Parport - ok
15:18:38.0793 0x1b98  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:18:38.0805 0x1b98  partmgr - ok
15:18:38.0828 0x1b98  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:18:38.0858 0x1b98  PcaSvc - ok
15:18:38.0882 0x1b98  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
15:18:38.0896 0x1b98  pci - ok
15:18:38.0927 0x1b98  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:18:38.0937 0x1b98  pciide - ok
15:18:38.0960 0x1b98  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:18:38.0975 0x1b98  pcmcia - ok
15:18:38.0994 0x1b98  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:18:39.0005 0x1b98  pcw - ok
15:18:39.0042 0x1b98  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:18:39.0116 0x1b98  PEAUTH - ok
15:18:39.0171 0x1b98  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:18:39.0196 0x1b98  PerfHost - ok
15:18:39.0253 0x1b98  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
15:18:39.0351 0x1b98  pla - ok
15:18:39.0389 0x1b98  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:18:39.0430 0x1b98  PlugPlay - ok
15:18:39.0449 0x1b98  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:18:39.0471 0x1b98  PNRPAutoReg - ok
15:18:39.0489 0x1b98  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:18:39.0508 0x1b98  PNRPsvc - ok
15:18:39.0550 0x1b98  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:18:39.0607 0x1b98  PolicyAgent - ok
15:18:39.0645 0x1b98  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
15:18:39.0694 0x1b98  Power - ok
15:18:39.0757 0x1b98  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:18:39.0798 0x1b98  PptpMiniport - ok
15:18:39.0814 0x1b98  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
15:18:39.0838 0x1b98  Processor - ok
15:18:39.0872 0x1b98  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:18:39.0913 0x1b98  ProfSvc - ok
15:18:39.0925 0x1b98  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:18:39.0939 0x1b98  ProtectedStorage - ok
15:18:39.0977 0x1b98  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:18:40.0018 0x1b98  Psched - ok
15:18:40.0077 0x1b98  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:18:40.0142 0x1b98  ql2300 - ok
15:18:40.0169 0x1b98  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:18:40.0181 0x1b98  ql40xx - ok
15:18:40.0204 0x1b98  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
15:18:40.0229 0x1b98  QWAVE - ok
15:18:40.0248 0x1b98  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:18:40.0273 0x1b98  QWAVEdrv - ok
15:18:40.0288 0x1b98  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:18:40.0317 0x1b98  RasAcd - ok
15:18:40.0361 0x1b98  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:18:40.0390 0x1b98  RasAgileVpn - ok
15:18:40.0403 0x1b98  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
15:18:40.0446 0x1b98  RasAuto - ok
15:18:40.0472 0x1b98  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:18:40.0515 0x1b98  Rasl2tp - ok
15:18:40.0542 0x1b98  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
15:18:40.0580 0x1b98  RasMan - ok
15:18:40.0597 0x1b98  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:18:40.0634 0x1b98  RasPppoe - ok
15:18:40.0662 0x1b98  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:18:40.0703 0x1b98  RasSstp - ok
15:18:40.0719 0x1b98  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:18:40.0765 0x1b98  rdbss - ok
15:18:40.0782 0x1b98  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:18:40.0797 0x1b98  rdpbus - ok
15:18:40.0809 0x1b98  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:18:40.0837 0x1b98  RDPCDD - ok
15:18:40.0868 0x1b98  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:18:40.0906 0x1b98  RDPENCDD - ok
15:18:40.0917 0x1b98  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:18:40.0946 0x1b98  RDPREFMP - ok
15:18:40.0981 0x1b98  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:18:41.0016 0x1b98  RDPWD - ok
15:18:41.0056 0x1b98  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:18:41.0071 0x1b98  rdyboost - ok
15:18:41.0105 0x1b98  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:18:41.0155 0x1b98  RemoteAccess - ok
15:18:41.0182 0x1b98  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:18:41.0226 0x1b98  RemoteRegistry - ok
15:18:41.0245 0x1b98  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:18:41.0282 0x1b98  RpcEptMapper - ok
15:18:41.0308 0x1b98  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
15:18:41.0329 0x1b98  RpcLocator - ok
15:18:41.0356 0x1b98  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
15:18:41.0396 0x1b98  RpcSs - ok
15:18:41.0429 0x1b98  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:18:41.0459 0x1b98  rspndr - ok
15:18:41.0523 0x1b98  [ 7F4F11527AF5A7E4526CB6A146B3E40C, 705177014374AB2F12AF4558344C35C206C2820BD1A16770173EA10D094D182B ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:18:41.0558 0x1b98  RTL8167 - ok
15:18:41.0575 0x1b98  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
15:18:41.0589 0x1b98  SamSs - ok
15:18:41.0621 0x1b98  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:18:41.0633 0x1b98  sbp2port - ok
15:18:41.0657 0x1b98  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:18:41.0692 0x1b98  SCardSvr - ok
15:18:41.0707 0x1b98  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:18:41.0744 0x1b98  scfilter - ok
15:18:41.0789 0x1b98  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
15:18:41.0865 0x1b98  Schedule - ok
15:18:41.0893 0x1b98  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:18:41.0921 0x1b98  SCPolicySvc - ok
15:18:41.0975 0x1b98  [ CDDE0B41D4C739B8C85E81C39A595A1A, EFD12069289D16E1BF667D305653C8689FB20FA340F9B1CDEB46C2D52CFF15B5 ] scramby         C:\Windows\system32\drivers\scramby.sys
15:18:41.0984 0x1b98  scramby - ok
15:18:42.0005 0x1b98  [ 3C9A97573D3B8A8450F92636D9846A74, 8F25AD3D65F0D7A81053B88C1BC4626D63E26AC09AC4A65F5E428C9F87EA6031 ] scramby_out     C:\Windows\system32\drivers\scramby_out.sys
15:18:42.0015 0x1b98  scramby_out - ok
15:18:42.0126 0x1b98  [ 8B56BDCE6A303DDE63D63440D1CF9AD1, 66A4356C29D00A1B8A95975C073AE4E6D2A90CBF3B143FE9B83B96BEC0805D46 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
15:18:42.0162 0x1b98  ScreamBAudioSvc - ok
15:18:42.0180 0x1b98  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:18:42.0211 0x1b98  SDRSVC - ok
15:18:42.0242 0x1b98  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:18:42.0285 0x1b98  secdrv - ok
15:18:42.0305 0x1b98  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
15:18:42.0335 0x1b98  seclogon - ok
15:18:42.0365 0x1b98  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
15:18:42.0404 0x1b98  SENS - ok
15:18:42.0423 0x1b98  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:18:42.0451 0x1b98  SensrSvc - ok
15:18:42.0465 0x1b98  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:18:42.0489 0x1b98  Serenum - ok
15:18:42.0528 0x1b98  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
15:18:42.0550 0x1b98  Serial - ok
15:18:42.0565 0x1b98  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:18:42.0590 0x1b98  sermouse - ok
15:18:42.0624 0x1b98  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
15:18:42.0666 0x1b98  SessionEnv - ok
15:18:42.0682 0x1b98  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:18:42.0697 0x1b98  sffdisk - ok
15:18:42.0701 0x1b98  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:18:42.0716 0x1b98  sffp_mmc - ok
15:18:42.0741 0x1b98  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:18:42.0770 0x1b98  sffp_sd - ok
15:18:42.0781 0x1b98  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:18:42.0806 0x1b98  sfloppy - ok
15:18:42.0851 0x1b98  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
15:18:42.0888 0x1b98  Sftfs - ok
15:18:42.0932 0x1b98  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:18:42.0952 0x1b98  sftlist - ok
15:18:42.0982 0x1b98  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:18:42.0999 0x1b98  Sftplay - ok
15:18:43.0009 0x1b98  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:18:43.0019 0x1b98  Sftredir - ok
15:18:43.0030 0x1b98  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
15:18:43.0040 0x1b98  Sftvol - ok
15:18:43.0057 0x1b98  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:18:43.0070 0x1b98  sftvsa - ok
15:18:43.0101 0x1b98  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:18:43.0153 0x1b98  SharedAccess - ok
15:18:43.0194 0x1b98  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:18:43.0244 0x1b98  ShellHWDetection - ok
15:18:43.0268 0x1b98  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:18:43.0279 0x1b98  SiSRaid2 - ok
15:18:43.0302 0x1b98  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:18:43.0313 0x1b98  SiSRaid4 - ok
15:18:43.0382 0x1b98  [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:18:43.0400 0x1b98  SkypeUpdate - ok
15:18:43.0432 0x1b98  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:18:43.0474 0x1b98  Smb - ok
15:18:43.0510 0x1b98  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:18:43.0538 0x1b98  SNMPTRAP - ok
15:18:43.0557 0x1b98  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:18:43.0568 0x1b98  spldr - ok
15:18:43.0604 0x1b98  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
15:18:43.0661 0x1b98  Spooler - ok
15:18:43.0772 0x1b98  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:18:43.0926 0x1b98  sppsvc - ok
15:18:43.0954 0x1b98  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:18:43.0986 0x1b98  sppuinotify - ok
15:18:44.0017 0x1b98  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:18:44.0064 0x1b98  srv - ok
15:18:44.0095 0x1b98  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:18:44.0137 0x1b98  srv2 - ok
15:18:44.0171 0x1b98  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:18:44.0187 0x1b98  srvnet - ok
15:18:44.0232 0x1b98  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:18:44.0277 0x1b98  SSDPSRV - ok
15:18:44.0297 0x1b98  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:18:44.0329 0x1b98  SstpSvc - ok
15:18:44.0386 0x1b98  [ 25C16F7D749F1BA7D573756338658727, 4A4056F34C0D34D793E0A24D37842F8122A5C072F9A2ED9192763FB0CC8FDADC ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
15:18:44.0447 0x1b98  Steam Client Service - ok
15:18:44.0492 0x1b98  [ 6213F20854FB987119503F9F91C70B9F, E1683753D192B154DBFE1FD03625A2A56F8576CE2A7619B41159B1C718C73B88 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:18:44.0508 0x1b98  Stereo Service - ok
15:18:44.0543 0x1b98  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:18:44.0553 0x1b98  stexstor - ok
15:18:44.0616 0x1b98  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
15:18:44.0690 0x1b98  stisvc - ok
15:18:44.0707 0x1b98  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:18:44.0717 0x1b98  swenum - ok
15:18:44.0764 0x1b98  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
15:18:44.0819 0x1b98  swprv - ok
15:18:44.0879 0x1b98  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
15:18:44.0967 0x1b98  SysMain - ok
15:18:44.0995 0x1b98  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:18:45.0017 0x1b98  TabletInputService - ok
15:18:45.0027 0x1b98  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:18:45.0071 0x1b98  TapiSrv - ok
15:18:45.0090 0x1b98  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
15:18:45.0122 0x1b98  TBS - ok
15:18:45.0190 0x1b98  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:18:45.0257 0x1b98  Tcpip - ok
15:18:45.0314 0x1b98  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:18:45.0361 0x1b98  TCPIP6 - ok
15:18:45.0395 0x1b98  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:18:45.0407 0x1b98  tcpipreg - ok
15:18:45.0426 0x1b98  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:18:45.0459 0x1b98  TDPIPE - ok
15:18:45.0484 0x1b98  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:18:45.0503 0x1b98  TDTCP - ok
15:18:45.0550 0x1b98  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:18:45.0580 0x1b98  tdx - ok
15:18:45.0596 0x1b98  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:18:45.0607 0x1b98  TermDD - ok
15:18:45.0644 0x1b98  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
15:18:45.0718 0x1b98  TermService - ok
15:18:45.0743 0x1b98  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
15:18:45.0763 0x1b98  Themes - ok
15:18:45.0793 0x1b98  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
15:18:45.0824 0x1b98  THREADORDER - ok
15:18:45.0844 0x1b98  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
15:18:45.0889 0x1b98  TrkWks - ok
15:18:45.0937 0x1b98  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:18:45.0969 0x1b98  TrustedInstaller - ok
15:18:45.0982 0x1b98  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:18:46.0002 0x1b98  tssecsrv - ok
15:18:46.0024 0x1b98  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:18:46.0046 0x1b98  TsUsbFlt - ok
15:18:46.0081 0x1b98  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:18:46.0094 0x1b98  TsUsbGD - ok
15:18:46.0143 0x1b98  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:18:46.0182 0x1b98  tunnel - ok
15:18:46.0209 0x1b98  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:18:46.0220 0x1b98  uagp35 - ok
15:18:46.0284 0x1b98  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:18:46.0334 0x1b98  udfs - ok
15:18:46.0360 0x1b98  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:18:46.0391 0x1b98  UI0Detect - ok
15:18:46.0413 0x1b98  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:18:46.0423 0x1b98  uliagpkx - ok
15:18:46.0446 0x1b98  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:18:46.0472 0x1b98  umbus - ok
15:18:46.0486 0x1b98  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:18:46.0513 0x1b98  UmPass - ok
15:18:46.0554 0x1b98  [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
15:18:46.0572 0x1b98  UMVPFSrv - ok
15:18:46.0603 0x1b98  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
15:18:46.0660 0x1b98  upnphost - ok
15:18:46.0688 0x1b98  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:18:46.0720 0x1b98  usbaudio - ok
15:18:46.0769 0x1b98  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:18:46.0812 0x1b98  usbccgp - ok
15:18:46.0862 0x1b98  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:18:46.0928 0x1b98  usbcir - ok
15:18:46.0933 0x1b98  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:18:46.0954 0x1b98  usbehci - ok
15:18:46.0971 0x1b98  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:18:47.0007 0x1b98  usbhub - ok
15:18:47.0019 0x1b98  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:18:47.0031 0x1b98  usbohci - ok
15:18:47.0086 0x1b98  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
15:18:47.0100 0x1b98  usbprint - ok
15:18:47.0137 0x1b98  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:18:47.0162 0x1b98  USBSTOR - ok
15:18:47.0189 0x1b98  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:18:47.0210 0x1b98  usbuhci - ok
15:18:47.0251 0x1b98  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:18:47.0279 0x1b98  usbvideo - ok
15:18:47.0307 0x1b98  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
15:18:47.0346 0x1b98  UxSms - ok
15:18:47.0385 0x1b98  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
15:18:47.0398 0x1b98  VaultSvc - ok
15:18:47.0431 0x1b98  [ 4006E66939B4D716C990256CF93D4BC1, 5E9366D8B684768B0188077C05B52B29D43B9A401A73D81045B9823458334223 ] VBAudioVACMME   C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys
15:18:47.0441 0x1b98  VBAudioVACMME - ok
15:18:47.0529 0x1b98  [ CD74DB141650A8E131F30250381E5A77, C3F6CC4FA70D73A0453126AD6FB1A8A285A6B66EC2C661D9B4F798F8D9CB3976 ] VBoxAswDrv      C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
15:18:47.0545 0x1b98  VBoxAswDrv - ok
15:18:47.0584 0x1b98  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:18:47.0595 0x1b98  vdrvroot - ok
15:18:47.0641 0x1b98  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
15:18:47.0715 0x1b98  vds - ok
15:18:47.0738 0x1b98  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:18:47.0755 0x1b98  vga - ok
15:18:47.0775 0x1b98  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:18:47.0812 0x1b98  VgaSave - ok
15:18:47.0841 0x1b98  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:18:47.0857 0x1b98  vhdmp - ok
15:18:47.0881 0x1b98  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:18:47.0892 0x1b98  viaide - ok
15:18:47.0911 0x1b98  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:18:47.0922 0x1b98  volmgr - ok
15:18:47.0960 0x1b98  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:18:47.0978 0x1b98  volmgrx - ok
15:18:48.0011 0x1b98  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:18:48.0028 0x1b98  volsnap - ok
15:18:48.0062 0x1b98  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:18:48.0076 0x1b98  vsmraid - ok
15:18:48.0137 0x1b98  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
15:18:48.0242 0x1b98  VSS - ok
15:18:48.0261 0x1b98  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:18:48.0288 0x1b98  vwifibus - ok
15:18:48.0332 0x1b98  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
15:18:48.0373 0x1b98  W32Time - ok
15:18:48.0406 0x1b98  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:18:48.0431 0x1b98  WacomPen - ok
15:18:48.0470 0x1b98  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:18:48.0514 0x1b98  WANARP - ok
15:18:48.0520 0x1b98  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:18:48.0549 0x1b98  Wanarpv6 - ok
15:18:48.0601 0x1b98  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
15:18:48.0708 0x1b98  wbengine - ok
15:18:48.0736 0x1b98  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:18:48.0759 0x1b98  WbioSrvc - ok
15:18:48.0780 0x1b98  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:18:48.0831 0x1b98  wcncsvc - ok
15:18:48.0860 0x1b98  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:18:48.0895 0x1b98  WcsPlugInService - ok
15:18:48.0934 0x1b98  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
15:18:48.0944 0x1b98  Wd - ok
15:18:48.0995 0x1b98  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:18:49.0035 0x1b98  Wdf01000 - ok
15:18:49.0062 0x1b98  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:18:49.0124 0x1b98  WdiServiceHost - ok
15:18:49.0130 0x1b98  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:18:49.0149 0x1b98  WdiSystemHost - ok
15:18:49.0176 0x1b98  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
15:18:49.0203 0x1b98  WebClient - ok
15:18:49.0229 0x1b98  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:18:49.0278 0x1b98  Wecsvc - ok
15:18:49.0302 0x1b98  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:18:49.0335 0x1b98  wercplsupport - ok
15:18:49.0362 0x1b98  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:18:49.0394 0x1b98  WerSvc - ok
15:18:49.0420 0x1b98  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:18:49.0451 0x1b98  WfpLwf - ok
15:18:49.0481 0x1b98  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:18:49.0491 0x1b98  WIMMount - ok
15:18:49.0512 0x1b98  WinDefend - ok
15:18:49.0530 0x1b98  WinHttpAutoProxySvc - ok
15:18:49.0573 0x1b98  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:18:49.0614 0x1b98  Winmgmt - ok
15:18:49.0665 0x1b98  WinRing0_1_2_0 - ok
15:18:49.0746 0x1b98  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:18:49.0852 0x1b98  WinRM - ok
15:18:49.0896 0x1b98  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:18:49.0955 0x1b98  WinUsb - ok
15:18:49.0996 0x1b98  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:18:50.0068 0x1b98  Wlansvc - ok
15:18:50.0162 0x1b98  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:18:50.0217 0x1b98  wlidsvc - ok
15:18:50.0248 0x1b98  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:18:50.0260 0x1b98  WmiAcpi - ok
15:18:50.0299 0x1b98  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:18:50.0327 0x1b98  wmiApSrv - ok
15:18:50.0370 0x1b98  WMPNetworkSvc - ok
15:18:50.0406 0x1b98  [ B868BA9AE6C5F13FE0E54DCCE8FC9448, 4F66DD0A8519464D9A26E8CB5685CA0874E6558E2B066873EFDD1E833A0EE89E ] wolfkr          C:\Windows\system32\wolfk64.sys
15:18:50.0431 0x1b98  wolfkr - ok
15:18:50.0460 0x1b98  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:18:50.0475 0x1b98  WPCSvc - ok
15:18:50.0502 0x1b98  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:18:50.0521 0x1b98  WPDBusEnum - ok
15:18:50.0552 0x1b98  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:18:50.0586 0x1b98  ws2ifsl - ok
15:18:50.0607 0x1b98  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
15:18:50.0637 0x1b98  wscsvc - ok
15:18:50.0640 0x1b98  WSearch - ok
15:18:50.0723 0x1b98  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:18:50.0809 0x1b98  wuauserv - ok
15:18:50.0830 0x1b98  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:18:50.0864 0x1b98  WudfPf - ok
15:18:50.0882 0x1b98  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:18:50.0907 0x1b98  WUDFRd - ok
15:18:50.0923 0x1b98  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:18:50.0948 0x1b98  wudfsvc - ok
15:18:50.0971 0x1b98  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:18:51.0015 0x1b98  WwanSvc - ok
15:18:51.0020 0x1b98  ================ Scan global ===============================
15:18:51.0048 0x1b98  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
15:18:51.0087 0x1b98  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:18:51.0104 0x1b98  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:18:51.0128 0x1b98  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:18:51.0145 0x1b98  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
15:18:51.0154 0x1b98  [ Global ] - ok
15:18:51.0154 0x1b98  ================ Scan MBR ==================================
15:18:51.0180 0x1b98  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:18:51.0440 0x1b98  \Device\Harddisk0\DR0 - ok
15:18:51.0440 0x1b98  ================ Scan VBR ==================================
15:18:51.0442 0x1b98  [ 08AB10D05CFA8DBA842F8B731493C7E4 ] \Device\Harddisk0\DR0\Partition1
15:18:51.0459 0x1b98  \Device\Harddisk0\DR0\Partition1 - ok
15:18:51.0461 0x1b98  [ C877ECE1EF673F21D61823E0C204D988 ] \Device\Harddisk0\DR0\Partition2
15:18:51.0469 0x1b98  \Device\Harddisk0\DR0\Partition2 - ok
15:18:51.0470 0x1b98  ================ Scan generic autorun ======================
15:18:51.0815 0x1b98  [ 9AC062437035B077C0F3B1BD738EC82A, DAC42AA903C3A6F7CB196D3D738FFDDADC8BD2138F0703F1DB035337540D53B7 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
15:18:52.0077 0x1b98  RtHDVCpl - ok
15:18:52.0192 0x1b98  [ 638644168D9B5B5093AD84C9C162B550, BDBAB13BA6D369B7F87F721518F7EBD4B14D85B80BCC1E37FA929BB77200401B ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
15:18:52.0256 0x1b98  NvBackend - ok
15:18:52.0284 0x1b98  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
15:18:52.0304 0x1b98  ShadowPlay - ok
15:18:52.0462 0x1b98  [ 938FA6F63B210FB8EF5A7B2FC1229431, 545DDA9C32DF14B50688F8192A345FE66D2DB3F8763ECBF85B38AC829E49E1D9 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
15:18:52.0587 0x1b98  AvastUI.exe - ok
15:18:52.0635 0x1b98  [ 9153F2335BCDB87F41559CF066223BF9, C0F89F9A63B1F49F007A971F5180128EC0AFBBBF7CFA82CA1FA44CB9DB5F8BB3 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
15:18:52.0653 0x1b98  SunJavaUpdateSched - ok
15:18:52.0729 0x1b98  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:18:52.0813 0x1b98  Sidebar - ok
15:18:52.0839 0x1b98  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:18:52.0870 0x1b98  mctadmin - ok
15:18:52.0899 0x1b98  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:18:52.0936 0x1b98  Sidebar - ok
15:18:52.0943 0x1b98  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:18:52.0961 0x1b98  mctadmin - ok
15:18:52.0962 0x1b98  Waiting for KSN requests completion. In queue: 200
15:18:53.0962 0x1b98  Waiting for KSN requests completion. In queue: 200
15:18:54.0965 0x1b98  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2214.845 ), 0x41000 ( enabled : updated )
15:18:54.0966 0x1b98  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2214.845 ), 0x41010 ( enabled )
15:18:56.0103 0x1b98  ============================================================
15:18:56.0103 0x1b98  Scan finished
15:18:56.0103 0x1b98  ============================================================
15:18:56.0108 0x0ba0  Detected object count: 0
15:18:56.0108 0x0ba0  Actual detected object count: 0
15:49:52.0504 0x1848  Deinitialize success
         

Alt 03.04.2015, 13:45   #7
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 03.04.2015, 17:28   #8
Caladrius
 



Code:
ATTFilter
ComboFix 15-04-01.01 - Agando 03.04.2015  17:57:56.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4078.2492 [GMT 2:00]
ausgeführt von:: c:\users\Agando\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-03 bis 2015-04-03  ))))))))))))))))))))))))))))))
.
.
2015-04-03 16:25 . 2015-04-03 16:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-04-01 19:51 . 2015-04-01 19:51	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A00B05D8-2ED1-4943-8BEB-27892F096B45}\offreg.dll
2015-04-01 12:49 . 2015-04-01 13:05	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-04-01 12:49 . 2015-04-01 12:54	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-01 12:49 . 2015-04-01 12:53	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-01 10:53 . 2015-04-01 10:55	--------	d-----w-	C:\FRST
2015-04-01 03:07 . 2015-03-23 01:32	12002392	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A00B05D8-2ED1-4943-8BEB-27892F096B45}\mpengine.dll
2015-03-30 16:30 . 2015-04-02 21:39	--------	d-----w-	C:\Diablo II
2015-03-30 16:03 . 2015-03-30 16:17	--------	d-----w-	c:\users\Agando\D2LOD-1.12A-deDE
2015-03-30 16:01 . 2015-03-30 16:20	--------	d-----w-	c:\users\Agando\D2-1.12A-enGB
2015-03-25 14:50 . 2015-03-25 14:50	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-03-25 08:42 . 2015-03-25 08:42	--------	d-----w-	c:\users\Agando\AppData\Local\Avg2014
2015-03-24 06:41 . 2015-03-24 06:41	--------	d-----w-	c:\users\Agando\AppData\Roaming\TuneUp Software
2015-03-24 06:41 . 2015-03-24 06:41	--------	d-----w-	c:\users\Agando\AppData\Local\TuneUp Software
2015-03-24 06:38 . 2015-03-24 06:38	--------	d-sh--w-	c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-03-24 06:38 . 2015-03-24 09:05	--------	d-----w-	c:\programdata\TuneUp Software
2015-03-24 06:38 . 2015-03-24 06:38	--------	d--h--w-	c:\programdata\Common Files
2015-03-24 06:38 . 2015-03-24 06:38	--------	d-----w-	c:\program files\Common Files\VST2
2015-03-24 06:38 . 2015-03-24 06:38	--------	d-----w-	c:\program files\Common Files\Propellerhead Software
2015-03-24 06:38 . 2015-03-24 06:38	--------	d-----w-	c:\program files (x86)\VstPlugins
2015-03-24 06:38 . 2015-03-24 06:38	--------	d-----w-	c:\program files (x86)\Common Files\Propellerhead Software
2015-03-24 06:38 . 2015-03-24 06:38	--------	d-----w-	c:\users\Agando\AppData\Roaming\OpenCandy
2015-03-24 06:38 . 2015-03-25 14:48	--------	d-----w-	c:\program files\Image-Line
2015-03-24 06:37 . 2015-03-24 06:37	--------	d-----w-	c:\program files (x86)\DSPRobotics
2015-03-24 06:31 . 2015-03-24 06:37	--------	d-----w-	c:\program files (x86)\Image-Line
2015-03-23 14:06 . 2015-04-02 16:13	--------	d-----w-	C:\Temp
2015-03-22 16:59 . 2015-03-22 16:59	--------	d-----w-	c:\users\Agando\AppData\Roaming\AVAST Software
2015-03-22 16:54 . 2015-03-22 16:54	136752	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-03-22 16:54 . 2015-03-22 16:54	268640	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-03-22 16:54 . 2015-03-22 16:54	441728	----a-w-	c:\windows\system32\drivers\aswSP.sys
2015-03-22 16:54 . 2015-03-22 16:54	65736	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-03-22 16:54 . 2015-03-22 16:54	88408	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-03-22 16:54 . 2015-03-22 16:54	29168	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-03-22 16:54 . 2015-03-22 16:54	93528	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-03-22 16:54 . 2015-03-22 16:53	1047320	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2015-03-22 16:54 . 2015-03-22 16:53	28144	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2015-03-22 16:54 . 2015-03-22 16:54	364472	----a-w-	c:\windows\system32\aswBoot.exe
2015-03-22 16:53 . 2015-03-22 16:53	43112	----a-w-	c:\windows\avastSS.scr
2015-03-22 16:53 . 2015-03-22 16:53	449896	----a-w-	c:\windows\system32\drivers\aswNdisFlt.sys
2015-03-22 16:52 . 2015-03-22 16:52	--------	d-----w-	c:\program files\AVAST Software
2015-03-22 06:57 . 2015-03-22 06:57	--------	d-----w-	c:\users\Agando\AppData\Local\Gameforge4d
2015-03-21 17:45 . 2015-04-01 12:50	--------	d-----w-	c:\programdata\Malwarebytes
2015-03-21 09:38 . 2015-03-21 09:44	--------	d-----w-	C:\AdwCleaner
2015-03-21 06:08 . 2015-03-25 15:03	--------	d-----w-	c:\users\Agando\AppData\Local\FreeSystemUtilities
2015-03-20 16:17 . 2015-03-20 16:17	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2015-03-20 16:16 . 2015-03-13 15:38	622224	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2015-03-14 18:35 . 2015-03-14 20:00	--------	d-----w-	c:\users\Agando\AppData\Local\PAYDAY 2
2015-03-11 08:48 . 2015-03-11 08:48	--------	d-----r-	C:\MSOCache
2015-03-10 16:22 . 2015-03-10 16:22	0	----a-w-	c:\windows\SysWow64\sho4835.tmp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-28 03:44 . 2014-10-20 11:10	1316000	----a-w-	c:\windows\SysWow64\nvspcap.dll
2015-03-28 03:44 . 2014-10-20 11:10	1316000	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2015-03-28 03:43 . 2014-10-20 11:10	1756424	----a-w-	c:\windows\system32\nvspbridge64.dll
2015-03-28 03:43 . 2014-10-20 11:10	1570672	----a-w-	c:\windows\system32\nvspcap64.dll
2015-03-13 19:41 . 2015-01-01 13:12	24775368	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2015-03-13 19:41 . 2014-10-21 12:22	18580512	----a-w-	c:\windows\system32\nvwgf2umx.dll
2015-03-13 19:41 . 2014-10-21 12:22	16022016	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2015-03-13 19:41 . 2014-10-21 12:22	2906928	----a-w-	c:\windows\SysWow64\nvapi.dll
2015-03-13 19:41 . 2014-10-20 11:09	73872	----a-w-	c:\windows\system32\OpenCL.dll
2015-03-13 19:41 . 2014-10-20 11:09	60560	----a-w-	c:\windows\SysWow64\OpenCL.dll
2015-03-13 19:41 . 2014-10-20 11:08	3303448	----a-w-	c:\windows\system32\nvapi64.dll
2015-03-13 19:41 . 2014-10-20 11:08	14121624	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2015-03-13 16:16 . 2014-10-20 11:09	6861968	----a-w-	c:\windows\system32\nvcpl.dll
2015-03-13 16:16 . 2014-10-20 11:09	3526856	----a-w-	c:\windows\system32\nvsvc64.dll
2015-03-13 16:16 . 2014-10-20 11:09	935056	----a-w-	c:\windows\system32\nvvsvc.exe
2015-03-13 16:16 . 2014-10-20 11:09	62608	----a-w-	c:\windows\system32\nvshext.dll
2015-03-13 16:16 . 2014-10-20 11:09	386248	----a-w-	c:\windows\system32\nvmctray.dll
2015-03-13 16:16 . 2014-10-20 11:09	2559808	----a-w-	c:\windows\system32\nvsvcr.dll
2015-03-11 13:10 . 2014-10-20 11:09	4246327	----a-w-	c:\windows\system32\nvcoproc.bin
2015-02-24 03:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-09 16:00 . 2015-02-09 16:00	0	----a-w-	c:\windows\SysWow64\shoC9ED.tmp
2015-01-23 23:55 . 2015-01-23 23:55	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-22 5511352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys;c:\windows\SYSNATIVE\drivers\scramby_out.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 wolfkr;wolfkr;c:\windows\system32\wolfk64.sys;c:\windows\SYSNATIVE\wolfk64.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VBAudioVACMME;VB-Audio Virtual Cable (WDM);c:\windows\system32\DRIVERS\vbaudio_cable64_win7.sys;c:\windows\SYSNATIVE\DRIVERS\vbaudio_cable64_win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 13677149
*NewlyCreated* - NVSTREAMKMS
*Deregistered* - 13677149
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-03 15:21	1061704	----a-w-	c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31 09:11]
.
2015-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31 09:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-03-22 16:54	722400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-13 12936848]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://terra.im/
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\Agando\AppData\Local\Temp\ie_script.htm
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.192.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,e8,b5,d7,c7,40,eb,4a,9a,6c,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,e8,b5,d7,c7,40,eb,4a,9a,6c,6d,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-04-03  18:27:22
ComboFix-quarantined-files.txt  2015-04-03 16:27
ComboFix2.txt  2015-04-03 15:45
.
Vor Suchlauf: 15 Verzeichnis(se), 249.291.841.536 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 249.227.153.408 Bytes frei
.
- - End Of File - - 5EA8716CBB8E98C04FD2AFA1EBA9A925
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 04.04.2015, 10:33   #9
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 04.04.2015, 12:14   #10
Caladrius
 

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.04.2015
Suchlauf-Zeit: 12:07:27
Logdatei: mbam-log.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.04.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Agando

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 353616
Verstrichene Zeit: 9 Min, 49 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 2
PUP.Optional.OpenCandy, C:\Users\Agando\AppData\Roaming\OpenCandy, In Quarantäne, [9af8e0882169af875937b4cc26dd7d83], 
PUP.Optional.OpenCandy, C:\Users\Agando\AppData\Roaming\OpenCandy\1F9BD4E29AE6449EAF04DE43C8AC2034, In Quarantäne, [9af8e0882169af875937b4cc26dd7d83], 

Dateien: 4
PUP.Optional.AZLyrics.A, C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, In Quarantäne, [b7db97d134565adcc38ab3179f6409f7], 
PUP.Optional.AZLyrics.A, C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, In Quarantäne, [771bf870503a3bfbc588e9e1d52e7f81], 
PUP.Optional.OpenCandy, C:\Users\Agando\AppData\Roaming\OpenCandy\1F9BD4E29AE6449EAF04DE43C8AC2034\du.exe, In Quarantäne, [9af8e0882169af875937b4cc26dd7d83], 
PUP.Optional.OpenCandy, C:\Users\Agando\AppData\Roaming\OpenCandy\1F9BD4E29AE6449EAF04DE43C8AC2034\TuneUpUtilities2014_de-DE_2200564.exe, In Quarantäne, [9af8e0882169af875937b4cc26dd7d83], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.200 - Bericht erstellt 04/04/2015 um 13:00:59
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Agando - AGANDO-PC
# Gestarted von : C:\Users\Agando\Downloads\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gelöscht : HKCU\Software\<a href="hxxp://cityadspix.com/tsclick-FDQCWPPK-JHFDQDB0?url=http%3A%2F%2Fwww.svyaznoy.ru%2Fcatalog%2Fgamepad%2F7791%2F1772740&sa=mh&sa1=&sa2=&sa3=&sa4=&sa5=&bt=20&pt=9&lt=2&tl=3&im=NTY1LTAtMTQyODE0NjA4Ny0xNzM3NDEzMQ%3D%3D&fid=NDQ1NzU2Nzc1&prdct=053100320a380a3505&kw=Microsoft%5CWindows" target="_blank" alt="Microsoft Xbox 360 Controller for Windows" title="Microsoft Xbox 360 Controller for Windows" style="">Microsoft\Windows</a>\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v


-\\ Google Chrome v41.0.2272.118

[C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420003924&from=cvs2&uid=WDCXWD5000AAKX-22ERMA0_WD-WCC2EJUCY2SHCY2SH&q={searchTerms}

*************************

AdwCleaner[R0].txt - [3027 Bytes] - [21/03/2015 11:38:15]
AdwCleaner[R1].txt - [1286 Bytes] - [04/04/2015 12:59:30]
AdwCleaner[S0].txt - [3012 Bytes] - [21/03/2015 11:44:34]
AdwCleaner[S1].txt - [1206 Bytes] - [04/04/2015 13:00:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1265  Bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Agando on 04.04.2015 at 13:09:33,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2015 at 13:13:03,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
I thought I had already fixed istart.webssearches.com at some point;
I don't like that it is showing up again now ^^

www.svyaznoy.ru seems to be a good find for my problem ^^ but it still isn't fixed :/ I was just briefly on the Mediamarkt website and the ads appeared at the top again.

I'd like to say thanks already for the help so far ^^

Edited by Caladrius (04.04.2015 at 12:30)

Alt 04.04.2015, 20:06   #11
schrauber
/// the machine
/// TB-Ausbilder
 


the fresh FRST log is still missing

Alt 05.04.2015, 13:35   #12
Caladrius
 


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Agando (administrator) on AGANDO-PC on 05-04-2015 14:33:44
Running from C:\Users\Agando\Downloads
Loaded Profiles: Agando (Available profiles: Agando)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\GameforgeLive\gfl_client.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-22] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3527986853-237272119-1680365976-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64861;https=127.0.0.1:64861
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://terra.im/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3527986853-237272119-1680365976-1000 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-22] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-22] (Avast Software s.r.o.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF ProfilePath: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default
FF Homepage: hxxp://terra.im/
FF DefaultSearchEngine: terra.im
FF SelectedSearchEngine: terra.im
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\searchplugins\defaultsearch.xml [2015-02-01]
FF Extension: Avira Browser Safety - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\Extensions\abs@avira.com [2014-10-21]
FF Extension: Amazon-Icon - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\Extensions\amazon-icon@giga.de [2014-10-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-22]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-31]
CHR Extension: (Google Docs) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-31]
CHR Extension: (Google Drive) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-31]
CHR Extension: (YouTube) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-31]
CHR Extension: (Google Search) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-31]
CHR Extension: (Google Sheets) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-31]
CHR Extension: (Avast Online Security) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-31]
CHR Extension: (Google Wallet) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-31]
CHR Extension: (WallPepper ВКонтакте) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pepjgkdpkihjnbdaggonbpphlfkbhdli [2015-02-01]
CHR Extension: (Gmail) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-22] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-03-22] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-22] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-20] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-03-22] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-22] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-03-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-22] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 scramby; C:\Windows\System32\drivers\scramby.sys [29480 2007-02-13] (RapidSolution Software AG)
S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [34336 2007-08-08] (RapidSolution Software AG)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-22] (Avast Software)
S3 wolfkr; C:\Windows\system32\wolfk64.sys [86352 2014-12-20] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 00:32 - 2015-04-05 00:32 - 00214323 _____ () C:\Users\Agando\Desktop\Fiat.jpeg
2015-04-05 00:32 - 2015-04-05 00:32 - 00093167 _____ () C:\Users\Agando\Desktop\Fressnapf.jpeg
2015-04-05 00:32 - 2015-04-05 00:32 - 00082823 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel
2015-04-05 00:32 - 2015-04-05 00:32 - 00038296 _____ () C:\Users\Agando\Desktop\Zeugnis.jpeg
2015-04-05 00:14 - 2015-04-05 00:14 - 00000098 ____H () C:\Users\Agando\Desktop\.~lock.Bewerbung rewe.doc#
2015-04-05 00:02 - 2015-04-05 00:03 - 00000000 ____D () C:\Users\Agando\Desktop\Neuer Ordner
2015-04-04 23:44 - 2015-04-04 23:44 - 00016368 _____ () C:\Users\Agando\Desktop\Bewerbung rewe.odt
2015-04-04 18:04 - 2015-04-04 18:04 - 00025040 _____ () C:\Users\Agando\Desktop\Lebenslauf.odt
2015-04-04 13:13 - 2015-04-04 13:13 - 00000696 _____ () C:\Users\Agando\Desktop\JRT.txt
2015-04-04 13:09 - 2015-04-04 13:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-AGANDO-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-04 13:09 - 2015-04-04 13:09 - 00000000 ____D () C:\RegBackup
2015-04-04 13:08 - 2015-04-04 13:08 - 02690981 _____ (Thisisu) C:\Users\Agando\Downloads\JRT.exe
2015-04-04 12:53 - 2015-04-04 12:53 - 02208768 _____ () C:\Users\Agando\Downloads\AdwCleaner_4.200.exe
2015-04-04 12:06 - 2015-04-04 12:06 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-04 12:06 - 2015-04-04 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-04 12:05 - 2015-04-04 12:05 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Agando\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-04 12:05 - 2015-04-04 12:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-04 12:05 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-04 12:05 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-04 02:27 - 2015-04-04 02:27 - 00000914 _____ () C:\Users\Agando\Desktop\Wörter.txt
2015-04-04 02:27 - 2015-04-04 02:27 - 00000261 _____ () C:\Users\Agando\Desktop\Engel.txt
2015-04-04 00:28 - 2015-04-04 00:28 - 00001020 _____ () C:\Users\Agando\Desktop\vergangenheit.txt
2015-04-03 18:27 - 2015-04-03 18:27 - 00017165 _____ () C:\ComboFix.txt
2015-04-03 17:30 - 2015-04-03 17:30 - 00013336 _____ () C:\Users\Agando\Desktop\ComboFix - Verknüpfung.lnk
2015-04-03 17:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-03 17:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-03 17:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-03 17:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-03 17:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-03 17:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-03 17:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-03 17:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-03 15:59 - 2015-04-03 18:27 - 00000000 ____D () C:\Qoobox
2015-04-03 15:58 - 2015-04-03 17:44 - 00000000 ____D () C:\Windows\erdnt
2015-04-03 15:57 - 2015-04-03 17:27 - 05617096 ____R (Swearware) C:\Users\Agando\Downloads\ComboFix.exe
2015-04-01 16:13 - 2015-04-01 16:13 - 00072110 _____ () C:\Users\Agando\Desktop\TDSSKiller.3.0.0.44_01.04.2015_15.17.05_log.zip
2015-04-01 15:10 - 2015-04-01 15:10 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Agando\Downloads\tdsskiller.exe
2015-04-01 14:49 - 2015-04-04 12:34 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 14:49 - 2015-04-01 15:05 - 00000000 ____D () C:\Users\Agando\Desktop\mbar
2015-04-01 14:49 - 2015-04-01 15:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-01 14:49 - 2015-04-01 14:49 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Agando\Downloads\mbar-1.09.1.1004.exe
2015-04-01 14:49 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 13:13 - 2015-04-01 13:40 - 00014066 _____ () C:\Users\Agando\Desktop\Gmer.log
2015-04-01 13:03 - 2015-04-01 13:03 - 00380416 _____ () C:\Users\Agando\Downloads\Gmer-19357.exe
2015-04-01 13:00 - 2015-04-01 13:00 - 00029297 _____ () C:\Users\Agando\Desktop\Addition.txt
2015-04-01 12:57 - 2015-04-01 12:57 - 00036862 _____ () C:\Users\Agando\Desktop\FRST.txt
2015-04-01 12:55 - 2015-04-01 12:55 - 00029297 _____ () C:\Users\Agando\Downloads\Addition.txt
2015-04-01 12:54 - 2015-04-05 14:33 - 00019066 _____ () C:\Users\Agando\Downloads\FRST.txt
2015-04-01 12:53 - 2015-04-05 14:33 - 00000000 ____D () C:\FRST
2015-04-01 12:53 - 2015-04-01 12:53 - 02095616 _____ (Farbar) C:\Users\Agando\Downloads\FRST64.exe
2015-04-01 12:52 - 2015-04-01 12:52 - 00000000 _____ () C:\Users\Agando\defogger_reenable
2015-04-01 12:48 - 2015-04-01 12:48 - 00050477 _____ () C:\Users\Agando\Downloads\Defogger (1).exe
2015-04-01 12:45 - 2015-04-01 12:52 - 00000474 _____ () C:\Users\Agando\Desktop\defogger_disable.log
2015-04-01 12:45 - 2015-04-01 12:48 - 00000246 _____ () C:\Users\Agando\Downloads\defogger_enable.log
2015-04-01 12:44 - 2015-04-01 12:44 - 00050477 _____ () C:\Users\Agando\Downloads\Defogger.exe
2015-03-31 14:54 - 2015-03-31 14:54 - 00000000 ____D () C:\Users\Agando\Downloads\Gameforge Live
2015-03-30 18:36 - 2015-03-30 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2015-03-30 18:30 - 2015-04-03 20:01 - 00000000 ____D () C:\Diablo II
2015-03-30 18:03 - 2015-03-30 18:17 - 00000000 ____D () C:\Users\Agando\D2LOD-1.12A-deDE
2015-03-30 18:01 - 2015-03-30 18:20 - 00000000 ____D () C:\Users\Agando\D2-1.12A-enGB
2015-03-25 16:50 - 2015-03-25 16:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-25 10:42 - 2015-03-25 10:42 - 00000000 ____D () C:\Users\Agando\AppData\Local\Avg2014
2015-03-24 19:46 - 2015-03-24 19:46 - 00000000 ____D () C:\Users\Agando\Documents\Abelssoft
2015-03-24 08:41 - 2015-03-24 08:41 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\TuneUp Software
2015-03-24 08:41 - 2015-03-24 08:41 - 00000000 ____D () C:\Users\Agando\AppData\Local\TuneUp Software
2015-03-24 08:38 - 2015-03-25 16:48 - 00000000 ____D () C:\Program Files\Image-Line
2015-03-24 08:38 - 2015-03-24 11:05 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Users\Agando\Documents\Image-Line
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\Common Files\VST2
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2015-03-24 08:37 - 2015-03-25 16:48 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-03-24 08:37 - 2015-03-24 08:37 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2015-03-24 08:31 - 2015-03-24 08:37 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2015-03-23 16:06 - 2015-04-02 18:13 - 00000000 ____D () C:\Temp
2015-03-22 18:59 - 2015-03-22 18:59 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\AVAST Software
2015-03-22 18:56 - 2015-03-22 18:56 - 00001982 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-03-22 18:56 - 2015-03-22 18:56 - 00001922 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
2015-03-22 18:56 - 2015-03-22 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-22 18:54 - 2015-03-24 07:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-22 18:54 - 2015-03-22 18:54 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-22 18:54 - 2015-03-22 18:54 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-22 18:54 - 2015-03-22 18:54 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-22 18:54 - 2015-03-22 18:54 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-22 18:54 - 2015-03-22 18:54 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-22 18:54 - 2015-03-22 18:54 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-22 18:54 - 2015-03-22 18:54 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-22 18:54 - 2015-03-22 18:54 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-22 18:54 - 2015-03-22 18:53 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-22 18:54 - 2015-03-22 18:53 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-03-22 18:53 - 2015-03-22 18:53 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-03-22 18:53 - 2015-03-22 18:53 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-22 18:52 - 2015-03-22 18:52 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-22 18:32 - 2015-04-04 13:02 - 00103206 _____ () C:\Windows\PFRO.log
2015-03-22 09:05 - 2015-03-22 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2015-03-22 08:57 - 2015-03-22 08:57 - 00001067 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\Users\Agando\AppData\Local\Gameforge4d
2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-03-22 08:49 - 2015-03-22 08:49 - 00000000 ____D () C:\Users\Agando\Documents\telltale games
2015-03-22 08:49 - 2015-03-22 08:49 - 00000000 ____D () C:\Users\Agando\Documents\my games
2015-03-21 19:45 - 2015-04-01 14:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-21 11:49 - 2015-04-04 13:02 - 00002175 _____ () C:\Windows\setupact.log
2015-03-21 11:49 - 2015-03-21 11:49 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-21 11:38 - 2015-04-04 13:01 - 00000000 ____D () C:\AdwCleaner
2015-03-21 08:08 - 2015-03-25 17:03 - 00000000 ____D () C:\Users\Agando\AppData\Local\FreeSystemUtilities
2015-03-20 18:17 - 2015-03-20 18:17 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-20 18:16 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-20 18:13 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-20 18:13 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-20 18:13 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-14 20:35 - 2015-03-14 22:00 - 00000000 ____D () C:\Users\Agando\AppData\Local\PAYDAY 2
2015-03-11 10:48 - 2015-03-11 10:48 - 00000000 ___RD () C:\MSOCache
2015-03-10 18:22 - 2015-03-10 18:22 - 00000000 _____ () C:\Windows\SysWOW64\sho4835.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 14:21 - 2014-12-31 11:11 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-05 11:47 - 2014-10-20 12:45 - 01445183 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 05:57 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-05 05:57 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-05 03:01 - 2014-10-21 22:13 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\TS3Client
2015-04-05 00:33 - 2014-11-08 06:29 - 00000000 ____D () C:\Users\Agando\.gimp-2.8
2015-04-05 00:32 - 2014-11-08 06:42 - 00000000 ____D () C:\Users\Agando\AppData\Local\gtk-2.0
2015-04-04 23:44 - 2014-12-28 07:15 - 00000000 ____D () C:\Users\Agando\Documents\Text
2015-04-04 18:48 - 2014-11-09 04:13 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Audacity
2015-04-04 18:21 - 2014-12-31 11:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-04 13:08 - 2011-04-12 09:43 - 00699542 _____ () C:\Windows\system32\perfh007.dat
2015-04-04 13:08 - 2011-04-12 09:43 - 00149424 _____ () C:\Windows\system32\perfc007.dat
2015-04-04 13:08 - 2009-07-14 07:13 - 01620888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 13:02 - 2014-10-20 13:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-04 13:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 12:21 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-04-03 18:25 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-03 17:45 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-03 17:26 - 2014-10-21 14:31 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-01 14:09 - 2014-12-15 02:00 - 00000000 ____D () C:\Users\Agando\Desktop\Ordner
2015-04-01 12:52 - 2014-10-20 12:51 - 00000000 ____D () C:\Users\Agando
2015-03-30 18:32 - 2014-10-25 02:12 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-28 22:08 - 2014-10-21 15:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-28 05:44 - 2014-10-20 13:10 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:44 - 2014-10-20 13:10 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:43 - 2014-10-20 13:10 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2014-10-20 13:10 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-25 17:08 - 2014-12-13 22:29 - 00000000 ____D () C:\Users\Agando\AppData\Local\Akamai
2015-03-25 17:03 - 2015-01-02 21:39 - 00000000 ____D () C:\ProgramData\FreeSystemUtilities
2015-03-25 15:02 - 2014-11-13 23:03 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Skype
2015-03-24 19:45 - 2014-11-02 01:06 - 00000000 ____D () C:\Users\Agando\AppData\Local\Abelssoft
2015-03-24 15:29 - 2014-10-20 12:51 - 00000000 ____D () C:\Users\Agando\AppData\Local\VirtualStore
2015-03-23 17:26 - 2015-02-14 14:06 - 00000000 ____D () C:\Program Files (x86)\phase5
2015-03-23 08:05 - 2014-11-08 05:52 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\OBS
2015-03-23 03:23 - 2015-02-01 05:36 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\newSI_620
2015-03-22 19:12 - 2014-11-13 23:03 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-22 19:12 - 2014-11-13 23:03 - 00000000 ____D () C:\ProgramData\Skype
2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-22 18:51 - 2015-01-01 15:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-22 08:57 - 2014-12-27 23:54 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2015-03-21 11:44 - 2014-10-20 12:51 - 00000997 _____ () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-21 09:05 - 2014-11-08 05:02 - 00000000 ____D () C:\Users\Agando\AppData\Local\Windows Live
2015-03-21 08:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 08:24 - 2014-10-21 15:19 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-21 08:13 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-21 07:38 - 2014-10-30 15:11 - 00000000 ____D () C:\Fraps
2015-03-21 06:44 - 2014-11-02 01:06 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2015-03-20 19:53 - 2014-11-08 05:51 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-03-20 18:17 - 2014-10-20 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-20 18:17 - 2014-10-20 13:09 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-20 18:14 - 2014-10-20 13:07 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-19 10:32 - 2014-11-08 15:49 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\SoftGrid Client
2015-03-13 21:41 - 2015-01-01 15:12 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-13 21:41 - 2014-10-21 14:22 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 21:41 - 2014-10-21 14:22 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 21:41 - 2014-10-21 14:22 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-13 21:41 - 2014-10-20 13:09 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-13 21:41 - 2014-10-20 13:09 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-13 21:41 - 2014-10-20 13:08 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 21:41 - 2014-10-20 13:08 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 21:41 - 2014-10-20 13:08 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 18:16 - 2014-10-20 13:09 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 18:16 - 2014-10-20 13:09 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16 - 2014-10-20 13:09 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16 - 2014-10-20 13:09 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16 - 2014-10-20 13:09 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 18:16 - 2014-10-20 13:09 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-11 15:10 - 2014-10-20 13:09 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2015-04-05 00:32 - 2015-04-05 00:32 - 0082823 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Agando\AppData\Local\Temp\Quarantine.exe
C:\Users\Agando\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 16:24

==================== End Of Log ============================
         
--- --- ---

05.04.2015, 17:00   #13
schrauber
/// the machine
/// TB trainer

In which browser are you still having problems?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

05.04.2015, 18:13   #14
Caladrius

I only use Google Chrome, and since the ads only show up sometimes, I have no idea whether it still happens in the other browsers at all.

06.04.2015, 10:44   #15
schrauber
/// the machine
/// TB trainer

Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, have the leftovers removed, then reinstall.

Then:
https://support.google.com/chrome/answer/3296214?hl=de

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its content here.

And a fresh FRST log, please. Any problems left?