
Pests of all kinds and how to fight them: Win.Trojan.Agent-228583, Win.Trojan.Expiro-1161 and Win.Trojan.Agent-232649

12.03.2013, 01:59   #1
funkedelic
 

Hi

my girlfriend apparently picked up something nasty on some Ford Taunus fan site.
Unfortunately I wasn't home at the time. She said she wanted to download a zip. After that the system was unusably slow and Firefox redirected everything to dubious sites.

Win 7 up to date + Security Essentials

I first ran a scan with Desinfect, and the first scan returned no results. After 2 days I decided to scan again, and lo and behold, it found quite a lot (the computer was not switched on in the meantime!).

Unfortunately I can't find anything helpful on the net, and I'm also afraid of starting Windows and causing further damage.

For now I've had all the files tagged with .VIRUS; there shouldn't be any important system files among them.


Is there still a way to rescue the system, or should I back up everything important and reinstall? (I somehow remember that this once caused problems because of the Windows user management?)

Do I need to worry about other computers that were on the network?

Many thanks in advance for your efforts!

Regards, M.H.

Infected file | File in archive, if applicable | Detection by Avira | Detection by Bitdefender | Detection by ClamAV | Detection by Kaspersky

/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20565_none_610aea6876e58b53/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16447_none_6098ee095db5e655/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20551_none_6111b92c76e10a06/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Program Files/Microsoft Office/Office12/POWERPNT.EXE Win.Trojan.Agent-232649
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20553_none_6113b9c076df3cb4/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16457_none_608e1e1d5dbe0246/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16455_none_608c1d895dbfcf98/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7600.16385_none_abb2bcfa5b01dea9/msinfo32.exe Win.Trojan.Expiro-1161
/media/F4AAA8A5AAA86638/Windows/System32/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20562_none_6107e98a76e83f4e/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7600.16385_none_861b553e4c3473c1/msinfo32.exe Win.Trojan.Expiro-1161
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20557_none_6117bae876dba210/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16446_none_6097edbf5db6ccfe/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20573_none_60fe19e876ef7496/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20554_none_6114ba0a76de560b/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16450_none_60871c175dc450e5/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16448_none_6099ee535db4ffac/mshtmled.dll Win.Trojan.Agent-228583
/media/F4AAA8A5AAA86638/Windows/winsxs/x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16464_none_60804d535dc8d232/mshtmled.dll Win.Trojan.Agent-228583

Edited by funkedelic (12.03.2013 at 02:15)

13.03.2013, 12:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; just post the logs that already exist first!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

13.03.2013, 12:41   #3
funkedelic
 

Hi

I think Desinfect has already done a good job. After the renaming to .VIRUS, nothing triggered a detection any more.
Why don't the scanners find the things any more, because of the .VIRUS? They are still on the disk, after all.

I had to reactivate Windows because the key was gone; it had said something about system files having been changed.
MSSE didn't want to work any more either, but I think that was due to the missing key, since MSSE acts up right away in that case. I uninstalled it and installed Avira, which is running now.

Malwarebytes
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.12.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
silwi :: SILWI-PC [Administrator]

Schutz: Aktiviert

12.03.2013 11:33:34
mbam-log-2013-03-12 (11-33-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 193559
Laufzeit: 8 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
aswMBR
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-12 18:48:31
-----------------------------
18:48:31.033    OS Version: Windows 6.1.7601 Service Pack 1
18:48:31.033    Number of processors: 2 586 0x6802
18:48:31.033    ComputerName: SILWI-PC  UserName: silwi
18:48:32.063    Initialize success
18:48:46.680    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:48:46.695    Disk 0 Vendor: FUJITSU_MHX2300BT 0000000B Size: 286168MB BusType: 3
18:48:46.742    Disk 0 MBR read successfully
18:48:46.758    Disk 0 MBR scan
18:48:46.758    Disk 0 Windows 7 default MBR code
18:48:46.789    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:48:46.883    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        30620 MB offset 206848
18:48:46.961    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        92160 MB offset 62916608
18:48:46.992    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       163286 MB offset 251660288
18:48:47.007    Disk 0 scanning sectors +586070016
18:48:47.085    Disk 0 scanning C:\Windows\system32\drivers
18:48:55.634    Service scanning
18:49:06.320    Service MpKsld52a7ae9 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{018D72E6-52BC-4CD2-8F40-DAC5FF696793}\MpKsld52a7ae9.sys **LOCKED** 32
18:49:14.074    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:49:20.267    Modules scanning
18:49:34.088    Disk 0 trace - called modules:
18:49:34.120    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x854db1f8]<<
18:49:34.120    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86388648]
18:49:34.135    3 CLASSPNP.SYS[8b78559e] -> nt!IofCallDriver -> [0x8623d8d8]
18:49:34.135    5 ACPI.sys[8b1593d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85515610]
18:49:34.151    \Driver\atapi[0x8622bc50] -> IRP_MJ_CREATE -> 0x854db1f8
18:49:34.151    Scan finished successfully
18:50:17.737    Disk 0 MBR has been saved successfully to "I:\MBR.dat"
18:50:17.753    The log file has been saved successfully to "I:\aswMBR.txt"
         
tdsskiller

Code:
18:50:33.0914 2396  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:50:34.0242 2396  ============================================================
18:50:34.0242 2396  Current date / time: 2013/03/12 18:50:34.0242
18:50:34.0242 2396  SystemInfo:
18:50:34.0242 2396  
18:50:34.0242 2396  OS Version: 6.1.7601 ServicePack: 1.0
18:50:34.0242 2396  Product type: Workstation
18:50:34.0242 2396  ComputerName: SILWI-PC
18:50:34.0242 2396  UserName: silwi
18:50:34.0242 2396  Windows directory: C:\Windows
18:50:34.0242 2396  System windows directory: C:\Windows
18:50:34.0242 2396  Processor architecture: Intel x86
18:50:34.0242 2396  Number of processors: 2
18:50:34.0258 2396  Page size: 0x1000
18:50:34.0258 2396  Boot type: Normal boot
18:50:34.0258 2396  ============================================================
18:50:36.0847 2396  Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:50:36.0847 2396  Drive \Device\Harddisk1\DR1 - Size: 0x1E0BFFE00 (7.51 Gb), SectorSize: 0x200, Cylinders: 0x3D4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:50:36.0863 2396  ============================================================
18:50:36.0863 2396  \Device\Harddisk0\DR0:
18:50:36.0863 2396  MBR partitions:
18:50:36.0863 2396  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:50:36.0863 2396  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3BCE000
18:50:36.0863 2396  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3C00800, BlocksNum 0xB400000
18:50:36.0863 2396  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xF000800, BlocksNum 0x13EEB000
18:50:36.0863 2396  \Device\Harddisk1\DR1:
18:50:36.0863 2396  MBR partitions:
18:50:36.0863 2396  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F00, BlocksNum 0xF020FF
18:50:36.0863 2396  ============================================================
18:50:36.0863 2396  C: <-> \Device\Harddisk0\DR0\Partition2
18:50:36.0894 2396  D: <-> \Device\Harddisk0\DR0\Partition3
18:50:36.0925 2396  E: <-> \Device\Harddisk0\DR0\Partition4
18:50:36.0925 2396  ============================================================
18:50:36.0925 2396  Initialize success
18:50:36.0925 2396  ============================================================
18:51:48.0311 2820  ============================================================
18:51:48.0311 2820  Scan started
18:51:48.0311 2820  Mode: Manual; TDLFS; 
18:51:48.0311 2820  ============================================================
18:51:48.0654 2820  ================ Scan system memory ========================
18:51:48.0654 2820  System memory - ok
18:51:48.0654 2820  ================ Scan services =============================
18:51:56.0407 2820  iScsiPrt - ok
18:51:56.0439 2820  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:51:56.0439 2820  kbdclass - ok
18:51:56.0501 2820  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:51:56.0501 2820  kbdhid - ok
18:51:56.0532 2820  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
18:51:56.0532 2820  KeyIso - ok
18:51:56.0579 2820  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:51:56.0579 2820  KSecDD - ok
18:51:56.0626 2820  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:51:56.0626 2820  KSecPkg - ok
18:51:56.0673 2820  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:51:56.0673 2820  KtmRm - ok
18:51:56.0719 2820  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:51:56.0719 2820  LanmanServer - ok
18:51:56.0735 2820  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:51:56.0751 2820  LanmanWorkstation - ok
18:51:56.0813 2820  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:51:56.0813 2820  lltdio - ok
18:51:56.0844 2820  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:51:56.0844 2820  lltdsvc - ok
18:51:56.0875 2820  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:51:56.0875 2820  lmhosts - ok
18:51:56.0907 2820  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:51:56.0907 2820  LSI_FC - ok
18:51:56.0938 2820  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:51:56.0938 2820  LSI_SAS - ok
18:51:56.0969 2820  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:51:56.0969 2820  LSI_SAS2 - ok
18:51:56.0985 2820  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:51:56.0985 2820  LSI_SCSI - ok
18:51:57.0016 2820  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
18:51:57.0016 2820  luafv - ok
18:51:57.0063 2820  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:51:57.0063 2820  MBAMProtector - ok
18:51:57.0141 2820  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:51:57.0156 2820  MBAMScheduler - ok
18:51:57.0203 2820  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:51:57.0219 2820  MBAMService - ok
18:51:57.0250 2820  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:51:57.0265 2820  Mcx2Svc - ok
18:51:57.0297 2820  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:51:57.0297 2820  megasas - ok
18:51:57.0343 2820  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:51:57.0343 2820  MegaSR - ok
18:51:57.0375 2820  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
18:51:57.0375 2820  MMCSS - ok
18:51:57.0390 2820  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
18:51:57.0390 2820  Modem - ok
18:51:57.0453 2820  [ 25483F9D590D5F00BD951E1181453EC2 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
18:51:57.0453 2820  MODEMCSA - ok
18:51:57.0499 2820  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:51:57.0499 2820  monitor - ok
18:51:57.0546 2820  [ 0A43169E115B5E9346A4BA1EFFCB04CB ] motandroidusb   C:\Windows\system32\Drivers\motoandroid.sys
18:51:57.0546 2820  motandroidusb - ok
18:51:57.0577 2820  [ 7B8D7BB9AE3AE9CD133BBC5AA91DD3CC ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
18:51:57.0577 2820  motccgp - ok
18:51:57.0624 2820  [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
18:51:57.0624 2820  motccgpfl - ok
18:51:57.0687 2820  [ C3B0FD4F463E90B3917FF6CCEA853BB6 ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
18:51:57.0687 2820  motmodem - ok
18:51:57.0811 2820  [ 36AC4DECEAE4226A5B5DD038C49658E1 ] MotoHelper      C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
18:51:57.0811 2820  MotoHelper - ok
18:51:57.0827 2820  [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
18:51:57.0843 2820  MotoSwitchService - ok
18:51:57.0874 2820  [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet      C:\Windows\system32\DRIVERS\Motousbnet.sys
18:51:57.0874 2820  Motousbnet - ok
18:51:57.0905 2820  [ 2136CCA3D1BF7C0248E5366B1A6C24E3 ] motusbdevice    C:\Windows\system32\DRIVERS\motusbdevice.sys
18:51:57.0905 2820  motusbdevice - ok
18:51:57.0952 2820  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
18:51:57.0952 2820  mouclass - ok
18:51:58.0014 2820  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:51:58.0014 2820  mouhid - ok
18:51:58.0061 2820  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:51:58.0061 2820  mountmgr - ok
18:51:58.0170 2820  [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
18:51:58.0170 2820  MpFilter - ok
18:51:58.0217 2820  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:51:58.0217 2820  mpio - ok
18:51:58.0389 2820  [ A69630D039C38018689190234F866D77 ] MpKsld52a7ae9   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{018D72E6-52BC-4CD2-8F40-DAC5FF696793}\MpKsld52a7ae9.sys
18:51:58.0389 2820  MpKsld52a7ae9 - ok
18:51:58.0451 2820  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:51:58.0451 2820  mpsdrv - ok
18:51:58.0591 2820  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:51:58.0607 2820  MpsSvc - ok
18:51:58.0654 2820  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:51:58.0654 2820  MRxDAV - ok
18:51:58.0732 2820  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:51:58.0732 2820  mrxsmb - ok
18:51:58.0779 2820  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:51:58.0779 2820  mrxsmb10 - ok
18:51:58.0794 2820  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:51:58.0794 2820  mrxsmb20 - ok
18:51:58.0841 2820  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
18:51:58.0841 2820  msahci - ok
18:51:58.0857 2820  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:51:58.0857 2820  msdsm - ok
18:51:58.0888 2820  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
18:51:58.0888 2820  MSDTC - ok
18:51:58.0935 2820  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:51:58.0935 2820  Msfs - ok
18:51:58.0950 2820  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:51:58.0950 2820  mshidkmdf - ok
18:51:58.0997 2820  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:51:58.0997 2820  msisadrv - ok
18:51:59.0044 2820  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:51:59.0044 2820  MSiSCSI - ok
18:51:59.0044 2820  msiserver - ok
18:51:59.0091 2820  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:51:59.0091 2820  MSKSSRV - ok
18:51:59.0247 2820  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:51:59.0262 2820  MsMpSvc - ok
18:51:59.0293 2820  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:51:59.0293 2820  MSPCLOCK - ok
18:51:59.0309 2820  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:51:59.0309 2820  MSPQM - ok
18:51:59.0340 2820  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:51:59.0340 2820  MsRPC - ok
18:51:59.0403 2820  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:51:59.0403 2820  mssmbios - ok
18:51:59.0434 2820  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:51:59.0434 2820  MSTEE - ok
18:51:59.0449 2820  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:51:59.0449 2820  MTConfig - ok
18:51:59.0496 2820  [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor        C:\Windows\system32\DRIVERS\ATKACPI.sys
18:51:59.0496 2820  MTsensor - ok
18:51:59.0527 2820  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:51:59.0527 2820  Mup - ok
18:51:59.0574 2820  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
18:51:59.0590 2820  napagent - ok
18:51:59.0652 2820  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:51:59.0652 2820  NativeWifiP - ok
18:51:59.0715 2820  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:51:59.0730 2820  NDIS - ok
18:51:59.0746 2820  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:51:59.0746 2820  NdisCap - ok
18:51:59.0761 2820  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:51:59.0761 2820  NdisTapi - ok
18:51:59.0808 2820  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:51:59.0824 2820  Ndisuio - ok
18:51:59.0839 2820  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:51:59.0855 2820  NdisWan - ok
18:51:59.0871 2820  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:51:59.0871 2820  NDProxy - ok
18:51:59.0902 2820  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:51:59.0902 2820  NetBIOS - ok
18:51:59.0933 2820  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:51:59.0933 2820  NetBT - ok
18:51:59.0964 2820  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
18:51:59.0964 2820  Netlogon - ok
18:52:00.0027 2820  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
18:52:00.0027 2820  Netman - ok
18:52:00.0073 2820  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
18:52:00.0073 2820  netprofm - ok
18:52:00.0120 2820  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:52:00.0120 2820  NetTcpPortSharing - ok
18:52:00.0167 2820  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:52:00.0167 2820  nfrd960 - ok
18:52:00.0245 2820  [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:52:00.0261 2820  NisDrv - ok
18:52:00.0323 2820  [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
18:52:00.0339 2820  NisSrv - ok
18:52:00.0385 2820  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:52:00.0385 2820  NlaSvc - ok
18:52:00.0417 2820  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:52:00.0417 2820  Npfs - ok
18:52:00.0463 2820  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
18:52:00.0463 2820  nsi - ok
18:52:00.0479 2820  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:52:00.0479 2820  nsiproxy - ok
18:52:00.0573 2820  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:52:00.0619 2820  Ntfs - ok
18:52:00.0651 2820  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
18:52:00.0651 2820  Null - ok
18:52:00.0697 2820  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:52:00.0697 2820  nvraid - ok
18:52:00.0744 2820  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:52:00.0744 2820  nvstor - ok
18:52:00.0791 2820  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:52:00.0807 2820  nv_agp - ok
18:52:00.0916 2820  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:52:00.0916 2820  odserv - ok
18:52:00.0963 2820  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:52:00.0963 2820  ohci1394 - ok
18:52:01.0009 2820  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:52:01.0009 2820  ose - ok
18:52:01.0056 2820  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:52:01.0056 2820  p2pimsvc - ok
18:52:01.0087 2820  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:52:01.0103 2820  p2psvc - ok
18:52:01.0150 2820  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:52:01.0150 2820  Parport - ok
18:52:01.0181 2820  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:52:01.0181 2820  partmgr - ok
18:52:01.0212 2820  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
18:52:01.0212 2820  Parvdm - ok
18:52:01.0243 2820  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:52:01.0243 2820  PcaSvc - ok
18:52:01.0290 2820  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
18:52:01.0290 2820  pci - ok
18:52:01.0306 2820  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
18:52:01.0306 2820  pciide - ok
18:52:01.0321 2820  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:52:01.0321 2820  pcmcia - ok
18:52:01.0353 2820  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
18:52:01.0353 2820  pcw - ok
18:52:01.0399 2820  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:52:01.0431 2820  PEAUTH - ok
18:52:01.0524 2820  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:52:01.0571 2820  PeerDistSvc - ok
18:52:01.0680 2820  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
18:52:01.0743 2820  pla - ok
18:52:01.0789 2820  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:52:01.0789 2820  PlugPlay - ok
18:52:01.0836 2820  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:52:01.0836 2820  PNRPAutoReg - ok
18:52:01.0867 2820  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:52:01.0867 2820  PNRPsvc - ok
18:52:01.0899 2820  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:52:01.0914 2820  PolicyAgent - ok
18:52:01.0992 2820  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
18:52:01.0992 2820  Power - ok
18:52:02.0055 2820  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:52:02.0055 2820  PptpMiniport - ok
18:52:02.0086 2820  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:52:02.0086 2820  Processor - ok
18:52:02.0148 2820  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
18:52:02.0164 2820  ProfSvc - ok
18:52:02.0195 2820  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:52:02.0195 2820  ProtectedStorage - ok
18:52:02.0242 2820  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:52:02.0242 2820  Psched - ok
18:52:02.0320 2820  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:52:02.0320 2820  ql2300 - ok
18:52:02.0351 2820  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:52:02.0351 2820  ql40xx - ok
18:52:02.0398 2820  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
18:52:02.0398 2820  QWAVE - ok
18:52:02.0429 2820  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:52:02.0429 2820  QWAVEdrv - ok
18:52:02.0445 2820  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:52:02.0445 2820  RasAcd - ok
18:52:02.0491 2820  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:52:02.0491 2820  RasAgileVpn - ok
18:52:02.0507 2820  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
18:52:02.0523 2820  RasAuto - ok
18:52:02.0554 2820  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:52:02.0554 2820  Rasl2tp - ok
18:52:02.0616 2820  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
18:52:02.0632 2820  RasMan - ok
18:52:02.0647 2820  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:52:02.0647 2820  RasPppoe - ok
18:52:02.0694 2820  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:52:02.0694 2820  RasSstp - ok
18:52:02.0725 2820  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:52:02.0725 2820  rdbss - ok
18:52:02.0741 2820  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:52:02.0741 2820  rdpbus - ok
18:52:02.0772 2820  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:52:02.0772 2820  RDPCDD - ok
18:52:02.0803 2820  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:52:02.0803 2820  RDPDR - ok
18:52:02.0850 2820  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:52:02.0850 2820  RDPENCDD - ok
18:52:02.0881 2820  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:52:02.0881 2820  RDPREFMP - ok
18:52:02.0944 2820  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:52:02.0959 2820  RDPWD - ok
18:52:03.0006 2820  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:52:03.0006 2820  rdyboost - ok
18:52:03.0037 2820  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:52:03.0037 2820  RemoteAccess - ok
18:52:03.0069 2820  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:52:03.0084 2820  RemoteRegistry - ok
18:52:03.0131 2820  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
18:52:03.0131 2820  RFCOMM - ok
18:52:03.0193 2820  [ 7A6648B61661B1421FFAB762E391E33F ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
18:52:03.0193 2820  rimmptsk - ok
18:52:03.0225 2820  [ D0A35B7670AA3558EAAB483F64446496 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
18:52:03.0225 2820  rimsptsk - ok
18:52:03.0256 2820  [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
18:52:03.0256 2820  rismxdp - ok
18:52:03.0303 2820  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:52:03.0318 2820  RpcEptMapper - ok
18:52:03.0349 2820  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
18:52:03.0365 2820  RpcLocator - ok
18:52:03.0396 2820  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
18:52:03.0412 2820  RpcSs - ok
18:52:03.0459 2820  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:52:03.0459 2820  rspndr - ok
18:52:03.0521 2820  [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
18:52:03.0521 2820  RTL8167 - ok
18:52:03.0552 2820  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:52:03.0552 2820  s3cap - ok
18:52:03.0568 2820  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
18:52:03.0583 2820  SamSs - ok
18:52:03.0599 2820  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:52:03.0615 2820  sbp2port - ok
18:52:03.0646 2820  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:52:03.0661 2820  SCardSvr - ok
18:52:03.0708 2820  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:52:03.0708 2820  scfilter - ok
18:52:03.0880 2820  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
18:52:03.0895 2820  Schedule - ok
18:52:03.0927 2820  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:52:03.0927 2820  SCPolicySvc - ok
18:52:03.0958 2820  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
18:52:03.0958 2820  sdbus - ok
18:52:04.0005 2820  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:52:04.0005 2820  SDRSVC - ok
18:52:04.0067 2820  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:52:04.0067 2820  secdrv - ok
18:52:04.0083 2820  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
18:52:04.0098 2820  seclogon - ok
18:52:04.0129 2820  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
18:52:04.0129 2820  SENS - ok
18:52:04.0176 2820  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:52:04.0176 2820  SensrSvc - ok
18:52:04.0207 2820  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:52:04.0207 2820  Serenum - ok
18:52:04.0239 2820  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:52:04.0239 2820  Serial - ok
18:52:04.0270 2820  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:52:04.0270 2820  sermouse - ok
18:52:04.0332 2820  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:52:04.0332 2820  SessionEnv - ok
18:52:04.0363 2820  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
18:52:04.0363 2820  sffdisk - ok
18:52:04.0379 2820  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:52:04.0379 2820  sffp_mmc - ok
18:52:04.0379 2820  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
18:52:04.0395 2820  sffp_sd - ok
18:52:04.0426 2820  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:52:04.0426 2820  sfloppy - ok
18:52:04.0457 2820  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:52:04.0473 2820  SharedAccess - ok
18:52:04.0504 2820  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:52:04.0504 2820  ShellHWDetection - ok
18:52:04.0535 2820  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:52:04.0535 2820  sisagp - ok
18:52:04.0566 2820  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:52:04.0566 2820  SiSRaid2 - ok
18:52:04.0597 2820  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:52:04.0597 2820  SiSRaid4 - ok
18:52:04.0629 2820  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:52:04.0629 2820  Smb - ok
18:52:04.0707 2820  [ 7E6628D18D30F14A56C0D9116310AB8A ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
18:52:04.0738 2820  smserial - ok
18:52:04.0816 2820  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:52:04.0816 2820  SNMPTRAP - ok
18:52:05.0299 2820  [ 92F7A6C3AB7DF4634A7323589C6BBB38 ] SNP2STD         C:\Windows\system32\DRIVERS\snp2sxp.sys
18:52:05.0377 2820  SNP2STD - ok
18:52:05.0518 2820  [ B3E81DD6B624A5A19F0A49D4085EE5F3 ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
18:52:05.0533 2820  SNP2UVC - ok
18:52:05.0565 2820  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:52:05.0565 2820  spldr - ok
18:52:05.0627 2820  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
18:52:05.0643 2820  Spooler - ok
18:52:05.0830 2820  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
18:52:05.0845 2820  sppsvc - ok
18:52:05.0892 2820  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:52:05.0892 2820  sppuinotify - ok
18:52:05.0986 2820  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\system32\Drivers\sptd.sys
18:52:05.0986 2820  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
18:52:05.0986 2820  sptd ( LockedFile.Multi.Generic ) - warning
18:52:05.0986 2820  sptd - detected LockedFile.Multi.Generic (1)
18:52:06.0033 2820  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:52:06.0048 2820  srv - ok
18:52:06.0064 2820  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:52:06.0064 2820  srv2 - ok
18:52:06.0095 2820  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:52:06.0095 2820  srvnet - ok
18:52:06.0126 2820  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:52:06.0142 2820  SSDPSRV - ok
18:52:06.0157 2820  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:52:06.0157 2820  SstpSvc - ok
18:52:06.0204 2820  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:52:06.0204 2820  stexstor - ok
18:52:06.0251 2820  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
18:52:06.0251 2820  StiSvc - ok
18:52:06.0298 2820  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:52:06.0298 2820  storflt - ok
18:52:06.0329 2820  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
18:52:06.0329 2820  StorSvc - ok
18:52:06.0360 2820  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:52:10.0993 2820  ================ Scan global ===============================
18:52:11.0040 2820  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:52:11.0087 2820  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:52:11.0118 2820  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:52:11.0149 2820  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:52:11.0165 2820  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:52:11.0181 2820  [Global] - ok
18:52:11.0181 2820  ================ Scan MBR ==================================
18:52:11.0196 2820  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:52:11.0493 2820  \Device\Harddisk0\DR0 - ok
18:52:11.0508 2820  [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1
18:52:11.0664 2820  \Device\Harddisk1\DR1 - ok
18:52:11.0664 2820  ================ Scan VBR ==================================
18:52:11.0664 2820  [ CEB7EC5C4E349ADD79854660F41A5854 ] \Device\Harddisk0\DR0\Partition1
18:52:11.0664 2820  \Device\Harddisk0\DR0\Partition1 - ok
18:52:11.0695 2820  [ 535EFE5D8C01C49A04DC921D3FAA0526 ] \Device\Harddisk0\DR0\Partition2
18:52:11.0711 2820  \Device\Harddisk0\DR0\Partition2 - ok
18:52:11.0727 2820  [ 5DD2BFBB35F4C4DC8B88586F8FEE225C ] \Device\Harddisk0\DR0\Partition3
18:52:11.0727 2820  \Device\Harddisk0\DR0\Partition3 - ok
18:52:11.0758 2820  [ 4FFE01062CCB262B80A2EBEF0E99B6BE ] \Device\Harddisk0\DR0\Partition4
18:52:11.0758 2820  \Device\Harddisk0\DR0\Partition4 - ok
18:52:11.0758 2820  [ 8C8B8D331534371B0D7964B7CC5D2F95 ] \Device\Harddisk1\DR1\Partition1
18:52:11.0758 2820  \Device\Harddisk1\DR1\Partition1 - ok
18:52:11.0773 2820  ============================================================
18:52:11.0773 2820  Scan finished
18:52:11.0773 2820  ============================================================
18:52:11.0789 3332  Detected object count: 1
18:52:11.0789 3332  Actual detected object count: 1
18:52:36.0437 3332  sptd ( LockedFile.Multi.Generic ) - skipped by user
18:52:36.0437 3332  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         
mbar
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.12.07

Windows 7 Service Pack 1 x86 FAT32
Internet Explorer 9.0.8112.16421
silwi :: SILWI-PC [administrator]

12.03.2013 19:31:26
mbar-log-2013-03-12 (19-31-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27641
Time elapsed: 11 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Is there anything else I can do to be on the safe side?

A big thank-you to you already!
__________________

13.03.2013, 12:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post in the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make it harder for me to evaluate them!

  • The logs of the tools you were asked to run, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you have not heard from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

13.03.2013, 13:04   #5
funkedelic

So here are the OTL logs then. Is there some way to buy you a beer?

OTL.txt
Code:
OTL logfile created on: 13.03.2013 13:47:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 53,29% Memory free
5,81 Gb Paging File | 4,15 Gb Available in Paging File | 71,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,90 Gb Total Space | 2,74 Gb Free Space | 9,15% Space Free | Partition Type: NTFS
Drive D: | 90,00 Gb Total Space | 64,31 Gb Free Space | 71,46% Space Free | Partition Type: NTFS
Drive E: | 159,46 Gb Total Space | 158,68 Gb Free Space | 99,51% Space Free | Partition Type: NTFS
 
Computer Name: SILWI-PC | User Name: silwi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\vsnp2std.exe (Sonix)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3512.36808__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3512.36800__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3512.36801__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3512.36801__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3512.36889__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (motandroidusb) -- C:\Windows\System32\drivers\motoandroid.sys (Motorola)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys ()
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 56 C2 DF 10 1F CE 01  [binary data]
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: firenes%40facundo.zaldo:2.0.2
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.99
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..network.proxy.autoconfig_url: "https://secure.premiumize.me/2463c6bf50d344127fa8158d581f453d/proxy.pac"
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8118
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.09 23:12:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Programme\Mozilla Firefox\components [2013.02.27 13:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013.03.12 21:23:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2013.02.27 13:21:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013.03.12 21:23:43 | 000,000,000 | ---D | M]
 
[2009.11.08 19:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\Extensions
[2013.02.24 12:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\Firefox\Profiles\lji63exj.default\extensions
[2010.07.24 11:34:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\silwi\AppData\Roaming\mozilla\Firefox\Profiles\lji63exj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.24 12:44:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\silwi\AppData\Roaming\mozilla\Firefox\Profiles\lji63exj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.24 12:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\Firefox\Profiles\lji63exj.default\extensions\staged
[2012.01.03 13:59:50 | 000,071,254 | R--- | M] () (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\firefox\profiles\lji63exj.default\extensions\firenes@facundo.zaldo.xpi
[2013.02.24 12:44:16 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\firefox\profiles\lji63exj.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.01.03 17:00:07 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\firefox\profiles\lji63exj.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2013.02.14 23:56:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\silwi\AppData\Roaming\mozilla\firefox\profiles\lji63exj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2009.12.04 19:46:33 | 000,001,626 | ---- | M] () -- C:\Users\silwi\AppData\Roaming\mozilla\firefox\profiles\lji63exj.default\searchplugins\mozilla-add-ons.xml
 
O1 HOSTS File: ([2010.10.27 22:03:06 | 000,002,402 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com 
O1 - Hosts: 127.0.0.1 crl.verisign.net 
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET 
O1 - Hosts: 127.0.0.1 ood.opsource.net 
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net 
O1 - Hosts: 127.0.0.1 practivate.adobe 
O1 - Hosts: 127.0.0.1 practivate.adobe 
O1 - Hosts: 24 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1301914460-2819278184-866932503-1000..\Run: [rgamx] C:\Users\silwi\AppData\Roaming\brcoinst9.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1301914460-2819278184-866932503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\silwi\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\silwi\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6FE873F-C04C-4674-B5CC-F53C334CFA48}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d982634-1b7b-11e0-86da-00158307ca40}\Shell - "" = AutoRun
O33 - MountPoints2\{2d982634-1b7b-11e0-86da-00158307ca40}\Shell\AutoRun\command - "" = H:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.12 21:25:29 | 000,000,000 | ---D | C] -- C:\Users\silwi\AppData\Roaming\Avira
[2013.03.12 21:22:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.12 21:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.12 21:14:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.12 21:14:35 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.12 21:14:35 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.12 21:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.12 21:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.12 19:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.03.12 19:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2013.03.12 11:32:19 | 000,000,000 | ---D | C] -- C:\Users\silwi\AppData\Roaming\Malwarebytes
[2013.03.12 11:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.12 11:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.12 11:31:58 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.12 11:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.12 11:31:43 | 000,000,000 | ---D | C] -- C:\Users\silwi\AppData\Local\Programs
[2013.02.28 06:55:11 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.28 06:54:42 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.28 06:54:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 06:54:28 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 06:54:28 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 06:54:26 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.28 06:54:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 06:54:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 06:54:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 06:54:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 06:54:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 06:54:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 06:54:10 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.28 06:54:09 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.28 06:54:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.28 06:54:08 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.28 06:54:08 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.28 06:54:08 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.28 06:54:08 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.28 06:54:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.28 06:54:07 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.28 06:54:07 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.28 06:54:07 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.28 06:54:07 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.28 06:54:05 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.24 02:15:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2013.02.20 22:17:09 | 000,000,000 | ---D | C] -- C:\Users\silwi\dwhelper
[2013.02.17 13:41:16 | 000,000,000 | ---D | C] -- C:\Users\silwi\Application Data
[2013.02.14 00:33:43 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.14 00:33:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.14 00:33:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.14 00:33:40 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.14 00:33:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.14 00:33:38 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.14 00:33:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 00:33:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.13 20:16:45 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 20:16:42 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.13 20:16:39 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 20:16:38 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.13 20:16:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.13 13:35:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.13 13:34:59 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 13:34:59 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.13 13:34:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.12 21:39:06 | 000,000,458 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.03.12 21:26:52 | 000,006,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 21:26:52 | 000,006,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 21:23:44 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.03.12 21:18:54 | 2339,799,040 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.12 21:14:54 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.12 21:12:22 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.12 21:12:22 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.12 21:12:22 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.12 21:12:21 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.12 21:08:59 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.03.12 19:37:29 | 000,001,072 | ---- | M] () -- C:\Users\silwi\Desktop\EVEREST Home Edition.lnk
[2013.03.12 11:32:10 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.02 11:51:57 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.02 11:51:57 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.02 11:51:57 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.02 11:51:57 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.01 22:07:22 | 000,007,598 | ---- | M] () -- C:\Users\silwi\AppData\Local\Resmon.ResmonCfg
[2013.03.01 18:45:18 | 000,155,648 | RHS- | M] () -- C:\Users\silwi\AppData\Roaming\brcoinst9.dll
[2013.02.20 22:36:35 | 015,178,713 | ---- | M] () -- C:\Users\silwi\Desktop\Miami Dolphins Cheerleaders _Call Me Maybe_ vs U.S. Troops _-1.mp4
[2013.02.20 22:31:31 | 000,000,419 | ---- | M] () -- C:\Users\silwi\Desktop\Miami Dolphins Cheerleaders _Call Me Maybe_ vs U.S. Troops _.mp4
[2013.02.20 22:27:53 | 051,771,720 | ---- | M] () -- C:\Users\silwi\Desktop\Miami Dolphins Cheerleaders Call Me Maybe imitaded by americ.mp4
[2013.02.17 13:37:52 | 000,000,244 | ---- | M] () -- C:\Users\silwi\.swfinfo
[2013.02.14 18:50:10 | 003,652,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.12 21:39:06 | 000,000,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.03.12 21:22:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013.03.12 21:22:45 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.03.12 21:14:54 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.12 19:37:29 | 000,001,072 | ---- | C] () -- C:\Users\silwi\Desktop\EVEREST Home Edition.lnk
[2013.03.12 11:32:35 | 000,006,592 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 11:32:34 | 000,006,592 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 11:32:10 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 18:45:17 | 000,155,648 | RHS- | C] () -- C:\Users\silwi\AppData\Roaming\brcoinst9.dll
[2013.02.20 22:35:18 | 015,178,713 | ---- | C] () -- C:\Users\silwi\Desktop\Miami Dolphins Cheerleaders _Call Me Maybe_ vs U.S. Troops _-1.mp4
[2013.02.20 22:31:30 | 000,000,419 | ---- | C] () -- C:\Users\silwi\Desktop\Miami Dolphins Cheerleaders _Call Me Maybe_ vs U.S. Troops _.mp4
[2013.02.20 22:21:51 | 051,771,720 | ---- | C] () -- C:\Users\silwi\Desktop\Miami Dolphins Cheerleaders Call Me Maybe imitaded by americ.mp4
[2013.02.17 13:37:52 | 000,000,244 | ---- | C] () -- C:\Users\silwi\.swfinfo
[2011.06.25 20:34:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.06.28 21:48:30 | 000,007,598 | ---- | C] () -- C:\Users\silwi\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 13.03.2013 13:47:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 53,29% Memory free
5,81 Gb Paging File | 4,15 Gb Available in Paging File | 71,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,90 Gb Total Space | 2,74 Gb Free Space | 9,15% Space Free | Partition Type: NTFS
Drive D: | 90,00 Gb Total Space | 64,31 Gb Free Space | 71,46% Space Free | Partition Type: NTFS
Drive E: | 159,46 Gb Total Space | 158,68 Gb Free Space | 99,51% Space Free | Partition Type: NTFS
 
Computer Name: SILWI-PC | User Name: silwi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1301914460-2819278184-866932503-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EE0433D-2057-4AAC-8781-79E07A628EA7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10457BD6-9242-4BE4-862E-02E97AE2918A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{16F7B5F9-133E-4522-8401-99674EDE674A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1B8C6C95-D3AF-4C8E-8372-F0F9F4ED2F24}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{2AC4F119-3A8E-4265-A6DA-9B6B3C7B2193}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2E974DA7-D86A-48EA-AF22-5407DBEB1DD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3406A899-6B1E-478F-B08F-30546E39C7B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{377FCBAF-BB2D-4EC8-B315-FC914C5FE752}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3BA088CD-A4FA-4C09-89D9-85DE5A7EA1F4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3CD04AF5-6D76-4B69-B437-8B606287FDD0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4047E7BC-D491-465E-BA72-58C47B737D3D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51C8BDD9-3F7E-431C-A384-DB23D4CE4120}" = rport=138 | protocol=17 | dir=out | app=system | 
"{59D8BAB6-32B3-4F66-90DE-A54E0A7EB5D9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B566920-03F4-4086-84FB-B4039729F8FB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{87CD8CF6-F07D-4C83-A993-B5A2BD4AD16B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{88698B01-4043-4814-B2C8-8C5174CC35EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8EBEE16F-72CC-4C9D-B775-64E93BEAA3BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9865514F-8250-496C-A031-AE32050C331C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{98F285F7-E1D8-420C-A3A9-829DAC3C2736}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CC83BD08-F87E-4F5C-871F-62899CDE0AC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD30611F-0DDB-4CCB-BD89-186F7FFEAA35}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DEE71EA4-F4AB-4353-9DE8-03232BAA3121}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E7C9D80F-0F46-4A94-9C27-D90378B1B095}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA4E9D8A-9535-4969-AFB3-3501A8A622ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E8CD382-667E-419E-B224-BFB6F852DC24}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1194F814-D13F-44BB-BE32-A9F9C79F8CC9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{122E3CE9-EC86-4298-82AF-B50E045C173F}" = protocol=6 | dir=out | app=system | 
"{34FE48D2-19B1-4CD2-92AD-AD777031A04D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{480B4516-99BB-41BA-984A-C58DC62952A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{67C26132-987B-4B56-BF53-461451DE5C17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{79E84BD1-6FD9-4D3A-91AF-BAD80C6CF09B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{802FE529-0FC2-457E-9F15-2935ED2377A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{830AB827-2970-46B7-860B-5A47820E104E}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{92D8FC06-57EA-4565-A627-556C0E4D8074}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F17A77B-32F0-4FC6-9BAD-59D3F4E86529}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BDE48AFC-F5BC-4F10-AA47-0350F6D4E883}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3A63557-0086-4E2B-8B0D-C005E50F2D77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C87D2164-6CF6-4180-9943-675CF74FE421}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCF6FEFC-D10B-4829-A162-EA32CD4AEC20}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DF281E1F-44EC-4FAE-A6B5-5C03170DE884}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E1CD1756-A027-49B4-B2F2-BE81712FE7D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4545697-9145-447D-9096-04C49412074D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB7DBAFA-97BD-4EC3-903D-2C2FFD117560}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{BFD24BAA-8AAE-4FF9-B7A9-1BBD7E10DF8B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{0BBC1155-E451-4328-97C3-B8F5A2F1DB43}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C7BCCCA-F9F3-82A6-FE6A-1160F7E14745}" = CCC Help Italian
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D707A04-9C3B-D735-1169-2C36A02EC1FD}" = Catalyst Control Center Core Implementation
"{0E0AA7EF-A847-3C08-ABF9-EDA7936DAFC5}" = Catalyst Control Center Graphics Full New
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{228B5714-9E6F-B9AE-6B6D-E8FF31C2A6D0}" = CCC Help German
"{25D90A06-E086-614F-203C-9ADB3A83709C}" = CCC Help French
"{2CDC3BD6-CA3D-F3FE-9700-FCBDB7CFA4C0}" = ccc-core-static
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{36281CC3-FA8D-3008-4D50-53F7DF2DD9FB}" = ccc-utility
"{3A6631D2-7523-5046-ACF3-EC6FAD28FBA5}" = CCC Help Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E0D4FC1-AF9E-BB44-2E17-872B462646FF}" = ATI Catalyst Install Manager
"{40DE7141-333D-8D31-97FF-5C0ED5F3B552}" = CCC Help Polish
"{4E7101FC-D19E-717B-F5F1-05DFAE4DC7CE}" = CCC Help Dutch
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{668B9FC5-9FA8-5C47-4AB5-E59D6D6E2123}" = CCC Help Greek
"{6A154072-2009-7396-1B4F-1BBBEADD4895}" = CCC Help Swedish
"{6E0D5213-BD75-A091-4162-C6311745C23B}" = Catalyst Control Center Graphics Previews Common
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{84194016-CDFE-FD7D-017E-6FDDDEBF9888}" = CCC Help Danish
"{844BD550-45F4-AD73-412F-CF40CFAFA5E9}" = Catalyst Control Center InstallProxy
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{942FB97A-B829-0371-5C91-74DAEAFF6900}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9841591-47F4-7E49-0F1E-7E2ED014E248}" = CCC Help English
"{AB82ED30-1B6F-8B9A-2835-E4141A88BB6F}" = CCC Help Norwegian
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{B3D12C7E-6E25-D407-074D-931D66023EAE}" = CCC Help Czech
"{B8ED984C-54AF-5705-EF5C-2739262F113F}" = CCC Help Japanese
"{C121C592-D8AB-8F29-309B-EA85483D6C51}" = CCC Help Chinese Standard
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D028B96F-8C9F-63DA-83EB-0F00D87700DA}" = CCC Help Finnish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D311066E-6530-CEA2-7BCF-A665416AF11C}" = CCC Help Thai
"{D8E0E80A-E5CA-9F64-2E46-CE694830507B}" = Catalyst Control Center Localization All
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24D41C-022A-29DC-E4D4-F9C871F76DD4}" = CCC Help Russian
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0631725-6F53-0BFB-5C02-CA8DEF14C7B2}" = Catalyst Control Center Graphics Full Existing
"{E5470B21-CA46-8BDD-247F-8717536DCFEB}" = CCC Help Chinese Traditional
"{EB47C52F-CE56-1066-5FB4-0B7663410A7C}" = Catalyst Control Center HydraVision Full
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EFC47A05-3212-F334-EDA5-C5D2907419FE}" = CCC Help Hungarian
"{F09DA254-8879-1E7F-C14D-FFE8626F804B}" = Catalyst Control Center Graphics Previews Vista
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F404F36C-8FEF-5EA8-6D92-8B64F186D2C0}" = CCC Help Korean
"{FBFBDF43-D184-2AC4-A566-3DDF155979D3}" = CCC Help Spanish
"{FE8F944C-5209-8EEB-604D-0BAB9B2A4540}" = Catalyst Control Center Graphics Light
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"STANDARD" = Microsoft Office Standard 2007
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1301914460-2819278184-866932503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.03.2013 23:17:32 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31699
 
Error - 12.03.2013 23:17:32 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31699
 
Error - 12.03.2013 23:17:47 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.03.2013 23:17:47 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 47440
 
Error - 12.03.2013 23:17:47 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 47440
 
Error - 12.03.2013 23:18:03 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.03.2013 23:18:03 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 63087
 
Error - 12.03.2013 23:18:03 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 63087
 
Error - 12.03.2013 23:18:19 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.03.2013 23:18:19 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 78749
 
Error - 12.03.2013 23:18:19 | Computer Name = silwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 78749
 
[ Media Center Events ]
Error - 13.03.2010 05:09:32 | Computer Name = silwi-PC | Source = MCUpdate | ID = 0
Description = 10:09:32 - Fehler beim Herstellen der Internetverbindung.  10:09:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.03.2010 05:09:43 | Computer Name = silwi-PC | Source = MCUpdate | ID = 0
Description = 10:09:37 - Fehler beim Herstellen der Internetverbindung.  10:09:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 10.04.2011 07:35:42 | Computer Name = silwi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3219
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 17.07.2011 19:38:05 | Computer Name = silwi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46853
 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error - 11.08.2011 05:13:43 | Computer Name = silwi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1706
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 17.09.2011 18:59:58 | Computer Name = silwi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1619
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.03.2013 16:19:03 | Computer Name = silwi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 12.03.2013 16:19:35 | Computer Name = silwi-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 12.03.2013 16:19:35 | Computer Name = silwi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 12.03.2013 16:19:35 | Computer Name = silwi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 12.03.2013 17:16:47 | Computer Name = silwi-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 12.03.2013 23:16:51 | Computer Name = silwi-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 12.03.2013 23:16:51 | Computer Name = silwi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 13.03.2013 08:34:43 | Computer Name = silwi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 13.03.2013 08:34:43 | Computer Name = silwi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 13.03.2013 08:38:51 | Computer Name = silwi-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >
         


13.03.2013, 13:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Quote:
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why a Professional edition of Windows, please? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university computer?


Code:
O1 - Hosts: 127.0.0.1 3dns.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com 
O1 - Hosts: 127.0.0.1 practivate.adobe 
O1 - Hosts: 127.0.0.1 practivate.adobe
         
This thread is hereby closed.

These entries in the hosts file serve to make pirated (cracked) software run.

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are, in 99.9% of cases, dangerous malware that should not be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!


In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
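The check cosinus makes by eye on the O1 lines above can be scripted. The following Python is an added example, not part of the original thread or of OTL: it parses OTL `O1 - Hosts:` lines (and, as a generalization, raw hosts-file lines) and separates loopback entries that blackhole activation/licensing hosts from other sinkholed names and from names pointed at a routable address. The label patterns, verdict names and sample input are assumptions constructed from the host names quoted in the post.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the "O1 - Hosts:" format shown in the post above.
# The ads/bank names and the 203.0.113.7 address are invented placeholders.
SAMPLE_OTL = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 0.0.0.0 ads.example.net
O1 - Hosts: 203.0.113.7 www.example-bank.test
O2 - BHO: (constructed placeholder line from another log section)
"""

O1_PREFIX = re.compile(r"^O1\s+-\s+Hosts:\s*", re.IGNORECASE)
OTHER_OTL_LINE = re.compile(r"^O\d+\s+-")

# Names that legitimately resolve to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Assumption: heuristic on the first DNS label, derived from the names in the
# quoted log (activate*, practivate, 3dns*, adobe-dns*) plus "licens*".
LICENSING_LABEL = re.compile(r"^(?:(?:pr)?activat|3dns|adobe-dns|licens)")


def parse_hosts_entries(text):
    """Yield (ip, hostname) pairs from OTL O1 lines or raw hosts-file lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop hosts-file comments
        prefix = O1_PREFIX.match(line)
        if prefix:
            line = line[prefix.end():].strip()
        elif OTHER_OTL_LINE.match(line):
            continue                              # some other OTL section
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address: ignore line
        for name in fields[1:]:                   # one line may carry aliases
            yield ip, name.lower().rstrip(".")


def classify(ip, name):
    """Return 'local', 'licensing-block', 'sinkhole' or 'redirect'."""
    if name in LOCAL_NAMES:
        return "local"
    if ip.is_loopback or ip.is_unspecified:
        first_label = name.split(".", 1)[0]
        if LICENSING_LABEL.match(first_label):
            return "licensing-block"              # activation server blackholed
        return "sinkhole"                         # e.g. an ad-blocking entry
    return "redirect"                             # name forced to another host


def audit_hosts(text):
    """Group every non-local hosts entry by verdict, de-duplicated and sorted."""
    findings = defaultdict(set)
    for ip, name in parse_hosts_entries(text):
        verdict = classify(ip, name)
        if verdict != "local":
            findings[verdict].add(name)
    return {verdict: sorted(names) for verdict, names in findings.items()}


if __name__ == "__main__":
    for verdict, names in audit_hosts(SAMPLE_OTL).items():
        print(f"{verdict}: {', '.join(names)}")
```

A "redirect" verdict deserves the closest look during triage, since it means a name is being forced to a different machine rather than merely blocked.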

13.03.2013, 13:21   #7
funkedelic



Hm, no idea why that is in the hosts file; there is a student version of CS5 on there and nothing else. Well, I'll have to rap my girlfriend on the knuckles.

At the university, MS only provides Professional editions.

But fine, then the computer will just be set up from scratch.

13.03.2013, 13:23   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



OK, then the Pro version is fine, but entries like these in the hosts file are not acceptable at all

13.03.2013, 13:25   #9
funkedelic



No idea what they are doing there. My girlfriend has no clue about this kind of thing, and I don't need it since I get everything I need for free through the university. At most it could have been some idiot at her work again who wanted to install something great and new for her; it wouldn't be the first time.
