
Log analysis and evaluation: BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

08.04.2013, 20:37   #1
Manu39
 

BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''



Hey dear Trojaner-Board team,
many thanks in advance, this is a really great thing you have here!

Anyway, I just got myself a new PC, installed everything properly, and everything works flawlessly. At the end I ran one more full system scan with Avira AntiVir. And as the title says, the "BOO/Whistler.DB" boot virus was detected in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''.
(HD1 is not the system partition but, on my machine, E:\, where I store all my data, and I: is my external hard drive, which serves as the backup for E:\.)

Of course I first read up a bit myself and eventually came across the Avira Boot Wizard, and then overwrote the boot sector using the burned CD. After the first time it did nothing at all; the second time it apparently did, because afterwards neither Windows Defender with a quick scan nor Avira's full scan found the boot virus in question or any other malware.

Now I am still a bit afraid that something harmful is still present; that would be annoying on a completely new PC.

So, I hope I haven't forgotten anything.


Here are the 3 required scans:

OTL.txt
Code:
OTL logfile created on: 08.04.2013 20:53:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Manu\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 78,04% Memory free
15,92 Gb Paging File | 12,94 Gb Available in Paging File | 81,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,58 Gb Total Space | 23,90 Gb Free Space | 40,80% Space Free | Partition Type: NTFS
Drive D: | 200,01 Gb Total Space | 175,04 Gb Free Space | 87,52% Space Free | Partition Type: NTFS
Drive E: | 672,83 Gb Total Space | 386,67 Gb Free Space | 57,47% Space Free | Partition Type: NTFS
 
Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.08 20:51:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe
PRC - [2013.04.03 12:54:59 | 000,920,472 | ---- | M] (Mozilla Corporation) -- D:\Mozilla Firefox\firefox.exe
PRC - [2013.03.31 03:38:37 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.03.30 19:55:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.30 19:54:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.30 19:54:31 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.04 15:22:01 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.05.10 16:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.02.01 17:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.03 12:54:59 | 003,143,576 | ---- | M] () -- D:\Mozilla Firefox\mozjs.dll
MOD - [2013.03.31 03:38:37 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.03.30 23:44:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1c402ca365b68a2616ea3a5194d38310\IAStorCommon.ni.dll
MOD - [2013.03.30 23:43:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.03.30 23:43:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.03.30 23:43:53 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll
MOD - [2013.03.30 23:43:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.03.30 23:43:45 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.03.30 23:43:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.03.30 23:43:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.03.30 23:43:14 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.03.30 23:43:05 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.30 12:45:56 | 000,122,880 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.11 08:59:08 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.31 03:38:37 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.30 19:55:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.30 19:54:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.23 22:57:38 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.05.10 16:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.04.20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.08.30 16:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.01 00:30:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.03.30 19:55:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.30 19:55:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.30 19:55:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.03.04 08:42:06 | 000,127,568 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2013.02.22 08:44:18 | 002,210,376 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2013.01.23 22:57:32 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.01.17 22:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.12.21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2012.12.21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.04 15:21:10 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.12.04 15:21:10 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.12.04 15:21:09 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.06.05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.03 20:23:56 | 000,084,736 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.02.03 20:23:56 | 000,059,520 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.02.01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.02 11:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.04.07 20:57:03 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013.04.07 20:52:54 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2013.04.07 20:52:46 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.12.21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2012.12.21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.19 13:04:00 | 000,014,608 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\atBIOS\AtiTool\atillk64.sys -- (atillk64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 7A 8B 35 6E 2D CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: D:\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: B:\java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: B:\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: B:\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: B:\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: B:\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: D:\Mozilla Firefox\components [2013.04.03 12:54:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: D:\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: D:\Mozilla Thunderbird\components [2013.03.31 01:24:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: D:\Mozilla Thunderbird\plugins
 
[2013.03.31 00:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Extensions
[2013.03.31 17:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\qu7f4cso.default\extensions
[2013.03.31 17:35:05 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\qu7f4cso.default\extensions\foxyproxy@eric.h.jung
[2013.03.31 01:01:03 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qu7f4cso.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - Startup: C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Manu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8AE74B7-2DF4-47A9-824E-79235F413517}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0895bac7-9950-11e2-9bf0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0895bac7-9950-11e2-9bf0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O33 - MountPoints2\{61d90c3e-999f-11e2-9dac-902b349a10e2}\Shell - "" = AutoRun
O33 - MountPoints2\{61d90c3e-999f-11e2-9dac-902b349a10e2}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.08 20:51:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe
[2013.04.08 00:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013.04.07 23:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.04.07 23:48:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\TeamViewer
[2013.04.07 22:28:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.04.07 22:28:51 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2013.04.05 19:30:32 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.05 18:49:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\Documents\LOLReplay
[2013.04.03 03:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2013.04.03 01:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.04.01 15:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2013.04.01 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2013.04.01 15:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FEAR
[2013.04.01 15:00:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.01 14:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.01 14:28:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Wars Republic Commando
[2013.04.01 14:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars Republic Commando
[2013.04.01 13:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.04.01 04:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.04.01 04:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013.04.01 04:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.04.01 04:16:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.04.01 04:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.04.01 04:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.04.01 04:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.04.01 04:13:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Microsoft Help
[2013.04.01 04:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.04.01 01:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.01 01:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.04.01 01:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.04.01 01:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.04.01 01:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.04.01 01:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.04.01 01:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.01 01:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.04.01 01:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.04.01 01:10:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Apple Computer
[2013.04.01 01:10:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Apple Computer
[2013.04.01 01:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.04.01 01:10:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.04.01 01:09:49 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Apple
[2013.04.01 01:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.04.01 01:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.04.01 01:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.04.01 01:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.04.01 01:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.04.01 01:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.04.01 00:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.04.01 00:30:59 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.01 00:30:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\DAEMON Tools Lite
[2013.04.01 00:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.04.01 00:29:05 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Canneverbe Limited
[2013.04.01 00:13:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013.04.01 00:13:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ICQM
[2013.04.01 00:13:25 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ICQ-Profile
[2013.04.01 00:12:48 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.04.01 00:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.04.01 00:12:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Notepad++
[2013.03.31 21:32:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\LolClient
[2013.03.31 20:00:42 | 000,000,000 | R--D | C] -- C:\Users\Manu\Desktop\Games
[2013.03.31 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\PMB Files
[2013.03.31 17:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.03.31 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.03.31 16:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.03.31 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013.03.31 16:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
[2013.03.31 16:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2013.03.31 16:48:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013.03.31 16:48:37 | 009,208,088 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVIA64.dll
[2013.03.31 16:48:37 | 000,908,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.03.31 16:48:37 | 000,394,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.03.31 16:48:37 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2013.03.31 16:48:36 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64H.dll
[2013.03.31 16:48:36 | 002,099,480 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.03.31 16:48:36 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64H.dll
[2013.03.31 16:48:36 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll
[2013.03.31 16:48:36 | 000,248,952 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2013.03.31 16:48:36 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64H.dll
[2013.03.31 16:48:36 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll
[2013.03.31 16:48:36 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64H.dll
[2013.03.31 16:48:36 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll
[2013.03.31 16:48:36 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64H.dll
[2013.03.31 16:48:36 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll
[2013.03.31 16:48:36 | 000,070,776 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\VtSrdAPO.dll
[2013.03.31 16:48:36 | 000,055,416 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\PropPageExt.dll
[2013.03.31 16:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.03.31 16:46:54 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2013.03.31 16:46:54 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2013.03.31 16:46:54 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2013.03.31 16:46:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2013.03.31 16:46:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2013.03.31 16:46:54 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2013.03.31 16:46:54 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2013.03.31 16:46:54 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2013.03.31 16:46:54 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2013.03.31 16:46:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2013.03.31 16:46:54 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2013.03.31 16:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.03.31 16:11:13 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.03.31 14:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.31 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.31 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.31 14:23:40 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\WindowsUpdate
[2013.03.31 14:08:13 | 000,000,000 | R--D | C] -- C:\Users\Manu\Dropbox
[2013.03.31 14:05:43 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.03.31 14:05:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Dropbox
[2013.03.31 13:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.03.31 13:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.03.31 04:14:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.03.31 04:09:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\vlc
[2013.03.31 04:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.03.31 04:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\WinRAR
[2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.31 03:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2013.03.31 03:37:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.03.31 03:24:17 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\LG Electronics
[2013.03.31 03:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.03.31 02:38:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Logitech
[2013.03.31 02:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.03.31 02:38:44 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Leadertech
[2013.03.31 02:37:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Logitech
[2013.03.31 02:37:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Logishrd
[2013.03.31 02:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.31 02:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.31 01:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.03.31 01:57:52 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Adobe
[2013.03.31 01:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.03.31 01:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.03.31 01:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.03.31 01:52:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.03.31 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Thunderbird
[2013.03.31 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Thunderbird
[2013.03.31 00:30:42 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013.03.31 00:30:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.03.31 00:28:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Macromedia
[2013.03.31 00:28:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Macromedia
[2013.03.31 00:26:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.03.31 00:26:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.03.31 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Mozilla
[2013.03.31 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Mozilla
[2013.03.31 00:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.31 00:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.03.31 00:07:13 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\VS Revo Group
[2013.03.30 22:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.2.1 Home Edition
[2013.03.30 22:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS Partition Master 9.2.1 Home Edition
[2013.03.30 22:24:17 | 000,000,000 | ---D | C] -- C:\Users\Manu\Documents\temp
[2013.03.30 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ATI
[2013.03.30 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\ATI
[2013.03.30 21:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.03.30 21:51:19 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2013.03.30 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Adobe
[2013.03.30 20:00:49 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Avira
[2013.03.30 19:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.30 19:57:56 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.30 19:57:56 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.30 19:57:56 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.30 19:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.30 19:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.30 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Diagnostics
[2013.03.30 19:29:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Programs
[2013.03.30 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Google
[2013.03.30 18:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.03.30 18:16:05 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Intel Corporation
[2013.03.30 18:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2013.03.30 18:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2013.03.30 18:02:06 | 000,084,736 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronXHCI.sys
[2013.03.30 18:02:06 | 000,059,520 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronHub3.sys
[2013.03.30 18:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology
[2013.03.30 18:00:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.03.30 18:00:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2013.03.30 17:59:34 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2013.03.30 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2013.03.30 17:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.03.30 17:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.03.30 17:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.03.30 17:58:44 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.03.30 17:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.03.30 17:58:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.03.30 17:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.03.30 17:58:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\InstallShield
[2013.03.30 17:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013.03.30 17:56:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.03.30 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Google
[2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\Searches
[2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.30 17:48:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Identities
[2013.03.30 17:48:24 | 000,000,000 | R--D | C] -- C:\Users\Manu\Contacts
[2013.03.30 17:48:23 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\VirtualStore
[2013.03.30 17:48:18 | 000,000,000 | --SD | C] -- C:\Users\Manu\AppData\Roaming\Microsoft
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Videos
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Saved Games
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Pictures
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Music
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Links
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Favorites
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Downloads
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Documents
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Desktop
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Vorlagen
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Verlauf
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Temporary Internet Files
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Startmenü
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\SendTo
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Recent
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Netzwerkumgebung
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Lokale Einstellungen
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Videos
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Musik
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Eigene Dateien
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Bilder
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Druckumgebung
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Cookies
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Anwendungsdaten
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Anwendungsdaten
[2013.03.30 17:48:18 | 000,000,000 | -H-D | C] -- C:\Users\Manu\AppData
[2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Temp
[2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Microsoft
[2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Media Center Programs
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.30 17:48:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.03.30 17:40:13 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.03.30 17:39:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.03.30 17:39:21 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.03.27 17:38:06 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll
[2013.03.13 05:35:44 | 000,127,568 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.08 20:51:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe
[2013.04.08 20:50:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.08 20:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.08 20:13:07 | 000,000,000 | ---- | M] () -- C:\Users\Manu\defogger_reenable
[2013.04.08 20:12:15 | 000,050,477 | ---- | M] () -- C:\Users\Manu\Desktop\Defogger.exe
[2013.04.08 19:13:24 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 19:13:24 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 19:10:22 | 001,618,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.08 19:10:22 | 000,698,912 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.08 19:10:22 | 000,653,750 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.08 19:10:22 | 000,149,052 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.08 19:10:22 | 000,121,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.08 19:06:01 | 000,341,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.08 19:05:50 | 2114,703,359 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.08 01:31:05 | 000,000,614 | ---- | M] () -- C:\Users\Manu\Desktop\VLC media player.lnk
[2013.04.07 23:49:21 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.04.07 22:28:51 | 000,000,606 | ---- | M] () -- C:\Users\Manu\Desktop\MSI Afterburner.lnk
[2013.04.07 20:52:46 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013.04.07 20:52:28 | 000,002,725 | ---- | M] () -- C:\Users\Manu\Desktop\EasyTune 6.lnk
[2013.04.07 20:29:53 | 000,001,055 | ---- | M] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.05 18:49:37 | 000,000,685 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2013.04.01 01:37:44 | 000,002,128 | ---- | M] () -- C:\Users\Manu\Desktop\Catalyst Control Center.lnk
[2013.04.01 01:10:21 | 000,001,449 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.01 00:32:56 | 000,000,355 | ---- | M] () -- C:\Users\Manu\Desktop\Computer.lnk
[2013.04.01 00:31:28 | 000,000,654 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.04.01 00:30:59 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.01 00:29:02 | 000,000,667 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.04.01 00:13:48 | 000,001,806 | ---- | M] () -- C:\Users\Manu\Desktop\ICQ.lnk
[2013.03.31 14:04:44 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.31 13:54:20 | 000,002,130 | ---- | M] () -- C:\Users\Manu\Desktop\MP Navigator EX 4.0.lnk
[2013.03.31 05:04:40 | 000,001,133 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2013.03.31 04:48:52 | 000,000,675 | ---- | M] () -- C:\Users\Manu\Desktop\eclipse.lnk
[2013.03.31 04:04:39 | 000,000,882 | ---- | M] () -- C:\Users\Manu\Desktop\CCleaner.lnk
[2013.03.31 02:54:36 | 000,002,411 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013.03.31 01:15:21 | 000,005,766 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.03.30 22:18:59 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.03.30 21:21:29 | 000,001,290 | ---- | M] () -- C:\Users\Manu\Desktop\dfrgui.lnk
[2013.03.30 21:20:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.30 21:07:19 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.30 21:07:19 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.30 19:57:58 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.30 19:55:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.30 19:55:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.30 19:55:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.30 18:00:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.03.30 17:58:09 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2013.03.30 17:42:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.03.30 17:42:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.08 20:13:07 | 000,000,000 | ---- | C] () -- C:\Users\Manu\defogger_reenable
[2013.04.08 20:12:13 | 000,050,477 | ---- | C] () -- C:\Users\Manu\Desktop\Defogger.exe
[2013.04.08 19:05:52 | 000,341,480 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.08 14:45:30 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1(x64).lnk
[2013.04.08 01:31:05 | 000,000,614 | ---- | C] () -- C:\Users\Manu\Desktop\VLC media player.lnk
[2013.04.07 23:49:21 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.04.07 22:28:51 | 000,000,606 | ---- | C] () -- C:\Users\Manu\Desktop\MSI Afterburner.lnk
[2013.04.07 20:52:28 | 000,002,725 | ---- | C] () -- C:\Users\Manu\Desktop\EasyTune 6.lnk
[2013.04.05 18:49:37 | 000,000,685 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2013.04.01 01:37:44 | 000,002,128 | ---- | C] () -- C:\Users\Manu\Desktop\Catalyst Control Center.lnk
[2013.04.01 01:10:21 | 000,001,449 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.01 01:09:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.04.01 00:32:56 | 000,000,355 | ---- | C] () -- C:\Users\Manu\Desktop\Computer.lnk
[2013.04.01 00:31:28 | 000,000,654 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.04.01 00:29:02 | 000,000,667 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.04.01 00:29:02 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013.04.01 00:13:48 | 000,001,806 | ---- | C] () -- C:\Users\Manu\Desktop\ICQ.lnk
[2013.03.31 14:05:50 | 000,001,055 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.31 13:54:20 | 000,002,130 | ---- | C] () -- C:\Users\Manu\Desktop\MP Navigator EX 4.0.lnk
[2013.03.31 04:48:52 | 000,000,675 | ---- | C] () -- C:\Users\Manu\Desktop\eclipse.lnk
[2013.03.31 04:04:39 | 000,000,882 | ---- | C] () -- C:\Users\Manu\Desktop\CCleaner.lnk
[2013.03.31 03:38:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.31 03:19:55 | 000,000,988 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.03.31 02:54:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013.03.31 02:54:22 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013.03.31 02:13:42 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.31 01:55:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.31 01:48:42 | 001,202,688 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2013.03.31 01:48:42 | 000,965,120 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2013.03.31 01:24:03 | 000,000,776 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.03.31 01:12:27 | 000,005,766 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.03.31 00:30:25 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1748D.TBL
[2013.03.31 00:30:25 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1748D.TBL
[2013.03.31 00:17:16 | 000,000,681 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.30 22:56:21 | 000,001,133 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2013.03.30 22:45:52 | 003,376,640 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2013.03.30 22:45:52 | 003,316,736 | ---- | C] () -- C:\Windows\SysNative\¸´¼þ BootMan.exe
[2013.03.30 22:45:52 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013.03.30 22:45:52 | 000,100,936 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2013.03.30 22:45:52 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013.03.30 22:45:52 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013.03.30 22:45:52 | 000,017,480 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2013.03.30 22:45:52 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2013.03.30 22:45:52 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013.03.30 22:45:52 | 000,009,800 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2013.03.30 22:45:52 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013.03.30 22:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.03.30 21:43:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.03.30 21:43:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.03.30 21:21:29 | 000,001,290 | ---- | C] () -- C:\Users\Manu\Desktop\dfrgui.lnk
[2013.03.30 21:20:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.30 21:07:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.30 21:07:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.30 19:57:58 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.30 18:14:02 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013.03.30 18:02:20 | 000,031,272 | ---- | C] () -- C:\Windows\SysNative\AppleChargerSrv.exe
[2013.03.30 18:02:20 | 000,021,616 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys
[2013.03.30 18:00:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.03.30 17:59:11 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.03.30 17:54:46 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013.03.30 17:49:08 | 000,001,413 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.30 17:42:10 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.03.30 17:41:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.03.30 17:39:43 | 2114,703,359 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.01 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Canneverbe Limited
[2013.04.01 17:02:52 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\DAEMON Tools Lite
[2013.04.08 19:07:09 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Dropbox
[2013.04.01 16:13:19 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\ICQ-Profile
[2013.04.01 00:15:00 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\ICQM
[2013.03.31 02:38:44 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Leadertech
[2013.03.31 21:32:26 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\LolClient
[2013.04.01 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Notepad++
[2013.04.07 23:48:26 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\TeamViewer
[2013.03.31 01:24:09 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 08.04.2013 20:53:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Manu\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 78,04% Memory free
15,92 Gb Paging File | 12,94 Gb Available in Paging File | 81,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,58 Gb Total Space | 23,90 Gb Free Space | 40,80% Space Free | Partition Type: NTFS
Drive D: | 200,01 Gb Total Space | 175,04 Gb Free Space | 87,52% Space Free | Partition Type: NTFS
Drive E: | 672,83 Gb Total Space | 386,67 Gb Free Space | 57,47% Space Free | Partition Type: NTFS
 
Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031F1983-C75E-4569-A535-840F0351AC1F}" = lport=56225 | protocol=6 | dir=in | name=pando media booster | 
"{0341519C-068A-4FB8-83EE-FDF5773B840E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{14179E81-E3AD-4BA7-91E7-186B78011952}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{18D2567E-258F-4892-AA97-CC97AB27C5F8}" = lport=56225 | protocol=6 | dir=in | name=pando media booster | 
"{1CF4F6A6-2F63-421F-93DD-590330F7D754}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1DB22F07-EC34-4D55-95D5-B90C0C8EF894}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{23D60832-4260-47BE-94B6-83513048D8E2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{35A06E48-BD5F-4759-8D15-544D0EFD400E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A1050B1-1E4A-4E52-A568-A06469876BB8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{44F048B9-F3AF-4D7C-B72A-10CC8E92FAEF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4C1A1B06-973D-4080-80B0-6ACC1229C836}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4F275EFE-156F-4F5D-BC70-8BC93D265CE3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5D793D1C-0CBD-4681-8A9C-F048421F4C0F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7F2C8771-26B7-4A63-874C-938CF85304CC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9073E733-204D-4188-8E32-7B1120B04790}" = lport=56225 | protocol=17 | dir=in | name=pando media booster | 
"{999582A1-66C0-42E4-B85A-7A56CC4C9795}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A320B3FA-D083-4179-B54A-03906C39092B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A73F3FFC-034E-4897-A50B-57102C398418}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B479781A-403D-4234-8AA4-7CE3B59C0717}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BC6619D7-975C-4E3D-BF95-748D38443B6B}" = lport=56225 | protocol=17 | dir=in | name=pando media booster | 
"{C6833C73-F311-453B-8817-604D02F0FB71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4958789-9510-4DB3-8AEF-F814E3794866}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D9A8EFDD-F31B-41AB-A9F6-68934CB51934}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F96377A7-DDEB-4B0E-881F-B77432C64415}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FE1552AE-6AAE-4047-962B-853E2BE1EBF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A8AC594-1273-4289-9855-47BEF9A326D7}" = protocol=17 | dir=in | app=c:\users\manu\appdata\roaming\dropbox\bin\dropbox.exe | 
"{10308AF5-2D14-454E-ABF4-AE2DD84BD517}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{1E6F47F8-23C8-4F9E-80B9-4DDE79473E7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1EE68ED4-8812-4848-B956-A85818A0D49B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F987AAC-AA6B-45F3-865B-FE4D594C393C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{22BFBAB9-36E4-4EE2-846A-D796DFAA3E61}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{311FD73B-DFA0-4A15-A598-4E7A3B400CC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3266EE77-60A1-48D5-B2B8-BC2D4EC018F0}" = protocol=6 | dir=in | app=c:\users\manu\appdata\roaming\icqm\icq.exe | 
"{372F294B-5536-4544-A879-661581BEC0B9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3A17983A-B0A2-47F8-B67E-731CA9A25211}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{3B83DC43-D6B3-4A4B-926A-AFAB02A634A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{457B8609-2F05-46D1-A979-4630E9C6C537}" = protocol=17 | dir=in | app=d:\fear\fear.exe | 
"{4A897B08-3EE8-4BEF-B4D0-2B64197041A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4AFAD137-95A4-4EA5-B1EB-108CF670D808}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{54719C49-B718-406A-A928-3B462830EF09}" = protocol=17 | dir=in | app=d:\steam\steamapps\nighty3991\counter-strike source\hl2.exe | 
"{5686905E-6543-40DB-862E-627800D86507}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{58687D5D-70F2-49C4-B5D5-C9C5B7525B9E}" = dir=in | app=d:\itunes\itunes.exe | 
"{6A127504-B811-4AC9-9AF9-859EDD0CAD40}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6E37BF52-1A16-4794-A131-6466771E15F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7B533DD0-0EA0-4F7D-A14B-2EFBD452F2FB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7EC24F1B-3028-4DC3-BD2F-B3B12A0B7D75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{825EC11F-8B2C-4452-B637-D07D9E20AB9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{83BB6836-2AC7-4E81-926E-B6932377B6E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{85554CB0-7100-43F9-900F-B7A490451B02}" = protocol=6 | dir=in | app=d:\fear\fear.exe | 
"{8654B13D-47CA-4E74-BE11-C59D0F051B28}" = protocol=17 | dir=in | app=d:\microsoft office\office14\groove.exe | 
"{8773C718-E881-4829-89B5-5338AC43871D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8CED9914-3EED-47D3-AFDD-28C128E9E90C}" = protocol=6 | dir=in | app=d:\microsoft office\office14\groove.exe | 
"{9A0D55D3-4A94-4DFA-BCA2-5ED3482A47D7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9FEC1BDB-01F2-4F5E-8BE2-614230BC100B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AB98FC86-2AC9-411F-80E7-172D45B0381D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE7B9EC9-BAA9-498F-8863-D701400CC1D3}" = protocol=17 | dir=in | app=c:\users\manu\appdata\roaming\icqm\icq.exe | 
"{B1885A38-78A9-4EA7-919B-955F4899E852}" = protocol=6 | dir=in | app=d:\steam\steamapps\nighty3991\counter-strike source\hl2.exe | 
"{B60EDBA3-DAF2-4A3F-9D6A-C0584D2BB681}" = protocol=17 | dir=in | app=d:\fear\fearmp.exe | 
"{B80F148A-9091-444A-9B44-5A151E62556E}" = protocol=6 | dir=in | app=c:\users\manu\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BE975D38-61F2-4BEF-BC79-95325B0013FE}" = protocol=6 | dir=in | app=d:\fear\fearmp.exe | 
"{C5BBA117-4CC2-445A-B440-6FE68E0B1581}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C6670353-8479-471E-BECE-18B440CED54B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD009C05-744E-48FF-A094-FCC402EC76F0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D073E1BA-A6B5-40CE-B668-DE0A4CD0F7B9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D3768177-3557-410B-921F-655E76B11B4D}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{D6871115-5D8E-4992-9FA9-DEFBDE30E941}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E754E7AC-9B60-4047-9ACF-28FD00B7921E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E86DCA81-61C8-4E94-B3C9-20F1361F35E4}" = protocol=6 | dir=out | app=system | 
"{FA321214-3BCF-4B64-8867-CED9C4452D22}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{4A549C80-9E6C-435B-AB67-2ECD98A43989}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{A500811B-8289-4148-BF87-2FD08977160D}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
"UDP Query User{1EA2B7A5-47CD-4B25-9FA0-1D3C2070692F}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
"UDP Query User{57A77C1A-1D12-485E-B711-A1D756D9FC4F}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU 
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5B97A291-F6D0-C734-922E-765BF8AF3106}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU 
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack
"{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"Logitech Gaming Software" = Logitech Gaming Software 8.45
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German
"{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian
"{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese
"{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy
"{2F56F921-7281-17D7-C628-EDC320DB1AF3}" = CCC Help French
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = Catalyst Control Center
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0626.1
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish
"{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish
"{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish
"{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional
"{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech
"{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian
"{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}" = GIGABYTE VGA @BIOS
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Afterburner" = MSI Afterburner 2.3.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.2.1 Home Edition
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0626.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"LOLReplay" = LOLReplay
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"ICQ" = ICQ 8.0 (build 6008, für aktuellen Benutzer)
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.04.2013 14:46:46 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5008
 
Error - 08.04.2013 14:46:46 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5008
 
Error - 08.04.2013 14:46:47 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.04.2013 14:46:47 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6006
 
Error - 08.04.2013 14:46:47 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006
 
Error - 08.04.2013 14:46:48 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.04.2013 14:46:48 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7005
 
Error - 08.04.2013 14:46:48 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7005
 
Error - 08.04.2013 14:46:49 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.04.2013 14:46:49 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003
 
[ System Events ]
Error - 08.04.2013 11:25:39 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Management and Security Application Local Management
 Service" wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 08.04.2013 11:26:11 | Computer Name = Manu-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 08.04.2013 11:31:46 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Intel(R) Management and Security Application Local Management Service erreicht.
 
Error - 08.04.2013 11:31:46 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Management and Security Application Local Management
 Service" wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 08.04.2013 11:36:18 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Intel(R) Management and Security Application Local Management Service erreicht.
 
Error - 08.04.2013 11:36:18 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Management and Security Application Local Management
 Service" wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 08.04.2013 13:06:07 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Intel(R) Management and Security Application Local Management Service erreicht.
 
Error - 08.04.2013 13:06:07 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Management and Security Application Local Management
 Service" wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 08.04.2013 13:06:28 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473536.
 
Error - 08.04.2013 13:06:28 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
         
Gmer.txt
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-08 21:11:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Manu\AppData\Local\Temp\kwtdypog.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\spoolsv.exe [1340:2312]   000007fef9f910c8
Thread  C:\Windows\System32\spoolsv.exe [1340:2320]   000007fef72a6144
Thread  C:\Windows\System32\spoolsv.exe [1340:2324]   000007fef6de5fd0
Thread  C:\Windows\System32\spoolsv.exe [1340:2328]   000007fef9e93438
Thread  C:\Windows\System32\spoolsv.exe [1340:2332]   000007fef6de63ec
Thread  C:\Windows\System32\spoolsv.exe [1340:2340]   000007fef8f35e5c
Thread  C:\Windows\system32\taskhost.exe [1892:1192]  000007fef9e61f38
Thread  C:\Windows\system32\taskhost.exe [1892:1248]  000007fef9e02740
Thread  C:\Windows\system32\taskhost.exe [1892:2136]  000007fef8ef1010
Thread  C:\Windows\system32\taskhost.exe [1892:1316]  000007fef9b95170
Thread  C:\Windows\System32\svchost.exe [2432:4232]   000007fef5df9688
Thread  C:\Windows\system32\svchost.exe [3616:3652]   000007fef2378470
Thread  C:\Windows\system32\svchost.exe [3616:3656]   000007fef2382418
Thread  C:\Windows\system32\svchost.exe [3616:2616]   000007fef0f6f130
Thread  C:\Windows\system32\svchost.exe [3616:3096]   000007fef0f64734
Thread  C:\Windows\system32\svchost.exe [3616:3124]   000007fef6de5fd0
Thread  C:\Windows\system32\svchost.exe [3616:3364]   000007fef6de63ec
Thread  C:\Windows\system32\svchost.exe [3616:4596]   000007fef0f64734
Thread  C:\Windows\system32\svchost.exe [3616:1576]   000007fef9975124

---- EOF - GMER 2.1 ----
         
Best regards, Manuel!

OK, a small addendum: the boot virus is apparently still on the external hard drive, even though I formatted it with a Windows quick format and it is theoretically empty.
When the external drive is connected, I get virus warnings in both directories during the scan; when I start a virus scan without the external drive, everything is clean!

Edited by Manu39 (08.04.2013 at 20:44)

09.04.2013, 02:37   #2
aharonov
/// TB-Ausbilder
 



Hello Manuel,

please connect the external hard drive in question and run this scan:


Step 1

Please read the following instructions carefully. We do not want to delete anything yet, only see a scan report.

Please download TDSSKiller.exe and save the file to your desktop.
  • Start TDSSKiller.exe.
  • Click Start Scan.
  • Warning: If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file.
  • TDSSKiller will save a log file on your system drive (C:\TDSSKiller.<version_date_time>log.txt).
  • Please post the contents of this log file here in the thread.



Please post in your next reply:
  • Log from TDSSKiller

09.04.2013, 12:25   #3
Manu39
 



Hey Leo,
thanks a lot for the quick reply!

I followed your instructions step by step, exactly as written, and "Rootkit.Boot.Wistler.a" was found.

Here is the log file:

Code:
13:21:02.0478 1616  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:21:02.0649 1616  ============================================================
13:21:02.0649 1616  Current date / time: 2013/04/09 13:21:02.0649
13:21:02.0649 1616  SystemInfo:
13:21:02.0649 1616  
13:21:02.0649 1616  OS Version: 6.1.7601 ServicePack: 1.0
13:21:02.0649 1616  Product type: Workstation
13:21:02.0649 1616  ComputerName: MANU-PC
13:21:02.0649 1616  UserName: Manu
13:21:02.0649 1616  Windows directory: C:\Windows
13:21:02.0649 1616  System windows directory: C:\Windows
13:21:02.0649 1616  Running under WOW64
13:21:02.0649 1616  Processor architecture: Intel x64
13:21:02.0649 1616  Number of processors: 4
13:21:02.0649 1616  Page size: 0x1000
13:21:02.0649 1616  Boot type: Normal boot
13:21:02.0649 1616  ============================================================
13:21:03.0149 1616  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:21:03.0149 1616  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:21:03.0159 1616  ============================================================
13:21:03.0159 1616  \Device\Harddisk0\DR0:
13:21:03.0159 1616  MBR partitions:
13:21:03.0159 1616  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:21:03.0159 1616  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7528EEC
13:21:03.0179 1616  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x755B72B, BlocksNum 0x1900297E
13:21:03.0199 1616  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x2055E0E8, BlocksNum 0x541A78D9
13:21:03.0199 1616  \Device\Harddisk1\DR1:
13:21:03.0199 1616  MBR partitions:
13:21:03.0199 1616  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
13:21:03.0199 1616  ============================================================
13:21:03.0239 1616  C: <-> \Device\Harddisk0\DR0\Partition2
13:21:03.0269 1616  D: <-> \Device\Harddisk0\DR0\Partition3
13:21:03.0319 1616  E: <-> \Device\Harddisk0\DR0\Partition4
13:21:03.0329 1616  I: <-> \Device\Harddisk1\DR1\Partition1
13:21:03.0329 1616  ============================================================
13:21:03.0329 1616  Initialize success
13:21:03.0329 1616  ============================================================
13:21:14.0339 2084  ============================================================
13:21:14.0339 2084  Scan started
13:21:14.0339 2084  Mode: Manual; 
13:21:14.0339 2084  ============================================================
13:21:14.0449 2084  ================ Scan system memory ========================
13:21:14.0449 2084  System memory - ok
13:21:14.0449 2084  ================ Scan services =============================
13:21:14.0549 2084  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:21:14.0559 2084  1394ohci - ok
13:21:14.0579 2084  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:21:14.0579 2084  ACPI - ok
13:21:14.0589 2084  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:21:14.0589 2084  AcpiPmi - ok
13:21:14.0650 2084  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:21:14.0660 2084  AdobeARMservice - ok
13:21:14.0750 2084  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:21:14.0760 2084  AdobeFlashPlayerUpdateSvc - ok
13:21:14.0780 2084  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:21:14.0790 2084  adp94xx - ok
13:21:14.0800 2084  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:21:14.0810 2084  adpahci - ok
13:21:14.0840 2084  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:21:14.0840 2084  adpu320 - ok
13:21:14.0870 2084  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:21:14.0880 2084  AeLookupSvc - ok
13:21:14.0910 2084  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:21:14.0910 2084  AFD - ok
13:21:14.0930 2084  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:21:14.0930 2084  agp440 - ok
13:21:14.0940 2084  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
13:21:14.0940 2084  ALG - ok
13:21:14.0950 2084  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:21:14.0950 2084  aliide - ok
13:21:14.0970 2084  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:21:14.0980 2084  AMD External Events Utility - ok
13:21:14.0990 2084  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:21:14.0990 2084  amdide - ok
13:21:14.0990 2084  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:21:15.0000 2084  AmdK8 - ok
13:21:15.0150 2084  [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:21:15.0290 2084  amdkmdag - ok
13:21:15.0360 2084  [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:21:15.0360 2084  amdkmdap - ok
13:21:15.0380 2084  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
13:21:15.0390 2084  AmdPPM - ok
13:21:15.0410 2084  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:21:15.0420 2084  amdsata - ok
13:21:15.0420 2084  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:21:15.0430 2084  amdsbs - ok
13:21:15.0440 2084  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:21:15.0440 2084  amdxata - ok
13:21:15.0500 2084  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:21:15.0510 2084  AntiVirSchedulerService - ok
13:21:15.0530 2084  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:21:15.0540 2084  AntiVirService - ok
13:21:15.0540 2084  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:21:15.0550 2084  AppID - ok
13:21:15.0550 2084  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:21:15.0550 2084  AppIDSvc - ok
13:21:15.0560 2084  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
13:21:15.0560 2084  Appinfo - ok
13:21:15.0610 2084  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:21:15.0610 2084  Apple Mobile Device - ok
13:21:15.0640 2084  [ BA957E7ACD2B44FA3B01FAA64F6A9060 ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
13:21:15.0640 2084  AppleCharger - ok
13:21:15.0650 2084  [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
13:21:15.0650 2084  AppleChargerSrv - ok
13:21:15.0680 2084  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:21:15.0690 2084  AppMgmt - ok
13:21:15.0700 2084  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
13:21:15.0710 2084  arc - ok
13:21:15.0710 2084  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:21:15.0720 2084  arcsas - ok
13:21:15.0800 2084  [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:21:15.0810 2084  aspnet_state - ok
13:21:15.0830 2084  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:21:15.0830 2084  AsyncMac - ok
13:21:15.0840 2084  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
13:21:15.0850 2084  atapi - ok
13:21:15.0870 2084  [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:21:15.0880 2084  AtiHDAudioService - ok
13:21:15.0940 2084  [ 26D973D6D9A0D133DFDA7D8C1ADC04B7 ] atillk64        C:\Program Files (x86)\GIGABYTE\atBIOS\AtiTool\atillk64.sys
13:21:15.0950 2084  atillk64 - ok
13:21:15.0960 2084  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:21:15.0970 2084  AudioEndpointBuilder - ok
13:21:15.0980 2084  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:21:15.0980 2084  AudioSrv - ok
13:21:16.0000 2084  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:21:16.0000 2084  avgntflt - ok
13:21:16.0020 2084  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:21:16.0020 2084  avipbb - ok
13:21:16.0040 2084  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:21:16.0040 2084  avkmgr - ok
13:21:16.0060 2084  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:21:16.0060 2084  AxInstSV - ok
13:21:16.0070 2084  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:21:16.0080 2084  b06bdrv - ok
13:21:16.0090 2084  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:21:16.0100 2084  b57nd60a - ok
13:21:16.0110 2084  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:21:16.0110 2084  BDESVC - ok
13:21:16.0120 2084  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:21:16.0120 2084  Beep - ok
13:21:16.0170 2084  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
13:21:16.0190 2084  BFE - ok
13:21:16.0220 2084  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
13:21:16.0220 2084  BITS - ok
13:21:16.0230 2084  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:21:16.0240 2084  blbdrive - ok
13:21:16.0290 2084  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:21:16.0300 2084  Bonjour Service - ok
13:21:16.0310 2084  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:21:16.0320 2084  bowser - ok
13:21:16.0320 2084  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:21:16.0330 2084  BrFiltLo - ok
13:21:16.0330 2084  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:21:16.0330 2084  BrFiltUp - ok
13:21:16.0350 2084  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
13:21:16.0360 2084  Browser - ok
13:21:16.0360 2084  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:21:16.0370 2084  Brserid - ok
13:21:16.0370 2084  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:21:16.0380 2084  BrSerWdm - ok
13:21:16.0380 2084  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:21:16.0380 2084  BrUsbMdm - ok
13:21:16.0380 2084  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:21:16.0390 2084  BrUsbSer - ok
13:21:16.0390 2084  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:21:16.0390 2084  BTHMODEM - ok
13:21:16.0410 2084  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
13:21:16.0420 2084  bthserv - ok
13:21:16.0430 2084  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:21:16.0430 2084  cdfs - ok
13:21:16.0460 2084  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:21:16.0460 2084  cdrom - ok
13:21:16.0470 2084  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:21:16.0470 2084  CertPropSvc - ok
13:21:16.0470 2084  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
13:21:16.0480 2084  circlass - ok
13:21:16.0490 2084  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:21:16.0490 2084  CLFS - ok
13:21:16.0530 2084  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:21:16.0530 2084  clr_optimization_v2.0.50727_32 - ok
13:21:16.0570 2084  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:21:16.0580 2084  clr_optimization_v2.0.50727_64 - ok
13:21:16.0640 2084  [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:21:16.0650 2084  clr_optimization_v4.0.30319_32 - ok
13:21:16.0660 2084  [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:21:16.0670 2084  clr_optimization_v4.0.30319_64 - ok
13:21:16.0670 2084  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
13:21:16.0670 2084  CmBatt - ok
13:21:16.0700 2084  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:21:16.0700 2084  cmdide - ok
13:21:16.0730 2084  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
13:21:16.0750 2084  CNG - ok
13:21:16.0770 2084  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:21:16.0770 2084  Compbatt - ok
13:21:16.0790 2084  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:21:16.0790 2084  CompositeBus - ok
13:21:16.0800 2084  COMSysApp - ok
13:21:16.0810 2084  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:21:16.0810 2084  crcdisk - ok
13:21:16.0850 2084  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:21:16.0850 2084  CryptSvc - ok
13:21:16.0880 2084  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
13:21:16.0890 2084  CSC - ok
13:21:16.0900 2084  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
13:21:16.0900 2084  CscService - ok
13:21:16.0930 2084  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:21:16.0940 2084  DcomLaunch - ok
13:21:16.0950 2084  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
13:21:16.0960 2084  defragsvc - ok
13:21:16.0960 2084  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:21:16.0960 2084  DfsC - ok
13:21:16.0970 2084  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:21:16.0970 2084  Dhcp - ok
13:21:16.0980 2084  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:21:16.0980 2084  discache - ok
13:21:16.0990 2084  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
13:21:16.0990 2084  Disk - ok
13:21:17.0020 2084  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
13:21:17.0020 2084  dmvsc - ok
13:21:17.0040 2084  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:21:17.0050 2084  Dnscache - ok
13:21:17.0050 2084  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:21:17.0060 2084  dot3svc - ok
13:21:17.0060 2084  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
13:21:17.0070 2084  DPS - ok
13:21:17.0090 2084  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:21:17.0090 2084  drmkaud - ok
13:21:17.0120 2084  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:21:17.0120 2084  dtsoftbus01 - ok
13:21:17.0150 2084  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:21:17.0170 2084  DXGKrnl - ok
13:21:17.0170 2084  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:21:17.0180 2084  EapHost - ok
13:21:17.0220 2084  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:21:17.0310 2084  ebdrv - ok
13:21:17.0330 2084  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
13:21:17.0340 2084  EFS - ok
13:21:17.0380 2084  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:21:17.0400 2084  ehRecvr - ok
13:21:17.0430 2084  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:21:17.0440 2084  ehSched - ok
13:21:17.0450 2084  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:21:17.0460 2084  elxstor - ok
13:21:17.0500 2084  [ 6106653B08F4F72EEAA7F099E7C408A4 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
13:21:17.0500 2084  epmntdrv - ok
13:21:17.0510 2084  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:21:17.0520 2084  ErrDev - ok
13:21:17.0540 2084  [ 84486624268E078255BC7AA47F0960BC ] etdrv           C:\Windows\etdrv.sys
13:21:17.0550 2084  etdrv - ok
13:21:17.0580 2084  [ 6CF515B48E0692070EED439BB73A9949 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
13:21:17.0580 2084  EtronHub3 - ok
13:21:17.0600 2084  [ EEA621DB1DAC0AB1EE901140AC381952 ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
13:21:17.0610 2084  EtronXHCI - ok
13:21:17.0610 2084  [ 991C04A31777ED77CB92A4F96F14C2E2 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
13:21:17.0610 2084  EuGdiDrv - ok
13:21:17.0630 2084  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
13:21:17.0640 2084  EventSystem - ok
13:21:17.0640 2084  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
13:21:17.0650 2084  exfat - ok
13:21:17.0650 2084  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:21:17.0660 2084  fastfat - ok
13:21:17.0690 2084  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
13:21:17.0690 2084  Fax - ok
13:21:17.0700 2084  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
13:21:17.0700 2084  fdc - ok
13:21:17.0710 2084  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:21:17.0710 2084  fdPHost - ok
13:21:17.0720 2084  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:21:17.0730 2084  FDResPub - ok
13:21:17.0730 2084  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:21:17.0740 2084  FileInfo - ok
13:21:17.0750 2084  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:21:17.0760 2084  Filetrace - ok
13:21:17.0760 2084  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:21:17.0760 2084  flpydisk - ok
13:21:17.0760 2084  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:21:17.0770 2084  FltMgr - ok
13:21:17.0800 2084  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
13:21:17.0810 2084  FontCache - ok
13:21:17.0850 2084  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:21:17.0850 2084  FontCache3.0.0.0 - ok
13:21:17.0860 2084  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:21:17.0860 2084  FsDepends - ok
13:21:17.0900 2084  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:21:17.0900 2084  Fs_Rec - ok
13:21:17.0910 2084  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:21:17.0910 2084  fvevol - ok
13:21:17.0930 2084  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:21:17.0930 2084  gagp30kx - ok
13:21:17.0960 2084  [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv            C:\Windows\gdrv.sys
13:21:17.0970 2084  gdrv - ok
13:21:18.0000 2084  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:21:18.0010 2084  GEARAspiWDM - ok
13:21:18.0030 2084  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
13:21:18.0040 2084  gpsvc - ok
13:21:18.0080 2084  [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64        C:\Windows\GVTDrv64.sys
13:21:18.0080 2084  GVTDrv64 - ok
13:21:18.0100 2084  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:21:18.0100 2084  hcw85cir - ok
13:21:18.0120 2084  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:21:18.0130 2084  HdAudAddService - ok
13:21:18.0130 2084  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:21:18.0130 2084  HDAudBus - ok
13:21:18.0140 2084  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:21:18.0140 2084  HidBatt - ok
13:21:18.0140 2084  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:21:18.0150 2084  HidBth - ok
13:21:18.0150 2084  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:21:18.0150 2084  HidIr - ok
13:21:18.0150 2084  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
13:21:18.0160 2084  hidserv - ok
13:21:18.0160 2084  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:21:18.0160 2084  HidUsb - ok
13:21:18.0180 2084  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:21:18.0180 2084  hkmsvc - ok
13:21:18.0190 2084  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:21:18.0200 2084  HomeGroupListener - ok
13:21:18.0220 2084  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:21:18.0220 2084  HomeGroupProvider - ok
13:21:18.0230 2084  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:21:18.0240 2084  HpSAMD - ok
13:21:18.0250 2084  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:21:18.0250 2084  HTTP - ok
13:21:18.0270 2084  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:21:18.0270 2084  hwpolicy - ok
13:21:18.0280 2084  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:21:18.0280 2084  i8042prt - ok
13:21:18.0310 2084  [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
13:21:18.0310 2084  iaStor - ok
13:21:18.0350 2084  [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:21:18.0360 2084  IAStorDataMgrSvc - ok
13:21:18.0380 2084  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:21:18.0390 2084  iaStorV - ok
13:21:18.0420 2084  [ 33D4D4A24791587E83F7EE05A446FB7E ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
13:21:18.0430 2084  ICCS - ok
13:21:18.0470 2084  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
13:21:18.0480 2084  IDriverT - ok
13:21:18.0520 2084  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:21:18.0580 2084  idsvc - ok
13:21:18.0590 2084  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:21:18.0600 2084  iirsp - ok
13:21:18.0620 2084  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:21:18.0640 2084  IKEEXT - ok
13:21:18.0670 2084  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
13:21:18.0680 2084  Intel(R) Capability Licensing Service Interface - ok
13:21:18.0700 2084  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:21:18.0700 2084  intelide - ok
13:21:18.0710 2084  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:21:18.0710 2084  intelppm - ok
13:21:18.0720 2084  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:21:18.0730 2084  IPBusEnum - ok
13:21:18.0730 2084  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:21:18.0740 2084  IpFilterDriver - ok
13:21:18.0760 2084  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:21:18.0770 2084  iphlpsvc - ok
13:21:18.0770 2084  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:21:18.0780 2084  IPMIDRV - ok
13:21:18.0780 2084  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:21:18.0780 2084  IPNAT - ok
13:21:18.0820 2084  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:21:18.0830 2084  iPod Service - ok
13:21:18.0830 2084  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:21:18.0830 2084  IRENUM - ok
13:21:18.0840 2084  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:21:18.0840 2084  isapnp - ok
13:21:18.0860 2084  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:21:18.0870 2084  iScsiPrt - ok
13:21:18.0890 2084  [ 7A4D015FF432645C55C162DADAEA143E ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
13:21:18.0890 2084  iusb3hcs - ok
13:21:18.0900 2084  [ 5D6164479F6F900ACD287FDC6935532E ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
13:21:18.0910 2084  iusb3hub - ok
13:21:18.0930 2084  [ 9F5687C7EFA906E4F33586D393F7C257 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
13:21:18.0940 2084  iusb3xhc - ok
13:21:18.0970 2084  [ 4E5DB6816F165C0C7A7FAA0055788884 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
13:21:18.0980 2084  jhi_service - ok
13:21:18.0990 2084  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:21:18.0990 2084  kbdclass - ok
13:21:19.0000 2084  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:21:19.0000 2084  kbdhid - ok
13:21:19.0010 2084  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:21:19.0010 2084  KeyIso - ok
13:21:19.0030 2084  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:21:19.0040 2084  KSecDD - ok
13:21:19.0050 2084  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:21:19.0060 2084  KSecPkg - ok
13:21:19.0080 2084  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:21:19.0080 2084  ksthunk - ok
13:21:19.0110 2084  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:21:19.0120 2084  KtmRm - ok
13:21:19.0130 2084  [ C669E616F41060C37F868B2BBAD92632 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
13:21:19.0140 2084  L1C - ok
13:21:19.0150 2084  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:21:19.0160 2084  LanmanServer - ok
13:21:19.0180 2084  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:21:19.0180 2084  LanmanWorkstation - ok
13:21:19.0210 2084  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
13:21:19.0220 2084  LGBusEnum - ok
13:21:19.0230 2084  [ CDDC07D414B08FECD48E4940C29F483F ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
13:21:19.0240 2084  LGSHidFilt - ok
13:21:19.0250 2084  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
13:21:19.0260 2084  LGVirHid - ok
13:21:19.0270 2084  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:21:19.0280 2084  lltdio - ok
13:21:19.0310 2084  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:21:19.0320 2084  lltdsvc - ok
13:21:19.0340 2084  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:21:19.0340 2084  lmhosts - ok
13:21:19.0370 2084  [ DF9ADD70659EA4F2A17075524E043FD8 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:21:19.0380 2084  LMS - ok
13:21:19.0400 2084  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:21:19.0400 2084  LSI_FC - ok
13:21:19.0410 2084  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:21:19.0410 2084  LSI_SAS - ok
13:21:19.0420 2084  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:21:19.0420 2084  LSI_SAS2 - ok
13:21:19.0420 2084  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:21:19.0430 2084  LSI_SCSI - ok
13:21:19.0430 2084  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:21:19.0430 2084  luafv - ok
13:21:19.0440 2084  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:21:19.0440 2084  Mcx2Svc - ok
13:21:19.0450 2084  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:21:19.0450 2084  megasas - ok
13:21:19.0450 2084  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:21:19.0460 2084  MegaSR - ok
13:21:19.0480 2084  [ 2BB3EAE2EA641515D4B205CAB29E1624 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:21:19.0480 2084  MEIx64 - ok
13:21:19.0550 2084  Microsoft SharePoint Workspace Audit Service - ok
13:21:19.0570 2084  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
13:21:19.0570 2084  MMCSS - ok
13:21:19.0580 2084  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:21:19.0590 2084  Modem - ok
13:21:19.0610 2084  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:21:19.0610 2084  monitor - ok
13:21:19.0620 2084  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:21:19.0630 2084  mouclass - ok
13:21:19.0630 2084  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:21:19.0640 2084  mouhid - ok
13:21:19.0640 2084  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:21:19.0640 2084  mountmgr - ok
13:21:19.0680 2084  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:21:19.0680 2084  MozillaMaintenance - ok
13:21:19.0690 2084  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:21:19.0700 2084  mpio - ok
13:21:19.0700 2084  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:21:19.0710 2084  mpsdrv - ok
13:21:19.0740 2084  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:21:19.0760 2084  MpsSvc - ok
13:21:19.0760 2084  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:21:19.0770 2084  MRxDAV - ok
13:21:19.0790 2084  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:21:19.0800 2084  mrxsmb - ok
13:21:19.0810 2084  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:21:19.0820 2084  mrxsmb10 - ok
13:21:19.0830 2084  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:21:19.0840 2084  mrxsmb20 - ok
13:21:19.0840 2084  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:21:19.0850 2084  msahci - ok
13:21:19.0850 2084  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:21:19.0860 2084  msdsm - ok
13:21:19.0870 2084  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
13:21:19.0870 2084  MSDTC - ok
13:21:19.0880 2084  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:21:19.0880 2084  Msfs - ok
13:21:19.0890 2084  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:21:19.0900 2084  mshidkmdf - ok
13:21:19.0900 2084  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:21:19.0900 2084  msisadrv - ok
13:21:19.0920 2084  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:21:19.0930 2084  MSiSCSI - ok
13:21:19.0930 2084  msiserver - ok
13:21:19.0950 2084  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:21:19.0960 2084  MSKSSRV - ok
13:21:19.0970 2084  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:21:19.0980 2084  MSPCLOCK - ok
13:21:20.0000 2084  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:21:20.0000 2084  MSPQM - ok
13:21:20.0010 2084  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:21:20.0010 2084  MsRPC - ok
13:21:20.0020 2084  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:21:20.0020 2084  mssmbios - ok
13:21:20.0020 2084  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:21:20.0020 2084  MSTEE - ok
13:21:20.0030 2084  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:21:20.0030 2084  MTConfig - ok
13:21:20.0040 2084  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:21:20.0040 2084  Mup - ok
13:21:20.0060 2084  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:21:20.0070 2084  napagent - ok
13:21:20.0080 2084  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:21:20.0090 2084  NativeWifiP - ok
13:21:20.0120 2084  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:21:20.0130 2084  NDIS - ok
13:21:20.0140 2084  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:21:20.0150 2084  NdisCap - ok
13:21:20.0150 2084  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:21:20.0150 2084  NdisTapi - ok
13:21:20.0150 2084  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:21:20.0160 2084  Ndisuio - ok
13:21:20.0160 2084  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:21:20.0160 2084  NdisWan - ok
13:21:20.0170 2084  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:21:20.0170 2084  NDProxy - ok
13:21:20.0170 2084  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:21:20.0180 2084  NetBIOS - ok
13:21:20.0180 2084  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:21:20.0180 2084  NetBT - ok
13:21:20.0190 2084  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:21:20.0190 2084  Netlogon - ok
13:21:20.0220 2084  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:21:20.0220 2084  Netman - ok
13:21:20.0240 2084  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:21:20.0250 2084  NetMsmqActivator - ok
13:21:20.0250 2084  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:21:20.0250 2084  NetPipeActivator - ok
13:21:20.0270 2084  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:21:20.0280 2084  netprofm - ok
13:21:20.0280 2084  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:21:20.0280 2084  NetTcpActivator - ok
13:21:20.0280 2084  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:21:20.0290 2084  NetTcpPortSharing - ok
13:21:20.0300 2084  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:21:20.0300 2084  nfrd960 - ok
13:21:20.0320 2084  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:21:20.0320 2084  NlaSvc - ok
13:21:20.0320 2084  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:21:20.0330 2084  Npfs - ok
13:21:20.0340 2084  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:21:20.0340 2084  nsi - ok
13:21:20.0350 2084  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:21:20.0350 2084  nsiproxy - ok
13:21:20.0390 2084  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:21:20.0440 2084  Ntfs - ok
13:21:20.0450 2084  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:21:20.0450 2084  Null - ok
13:21:20.0470 2084  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:21:20.0480 2084  nvraid - ok
13:21:20.0500 2084  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:21:20.0510 2084  nvstor - ok
13:21:20.0530 2084  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:21:20.0540 2084  nv_agp - ok
13:21:20.0540 2084  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:21:20.0550 2084  ohci1394 - ok
13:21:20.0600 2084  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:21:20.0610 2084  ose - ok
13:21:20.0720 2084  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:21:20.0790 2084  osppsvc - ok
13:21:20.0810 2084  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:21:20.0810 2084  p2pimsvc - ok
13:21:20.0820 2084  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:21:20.0830 2084  p2psvc - ok
13:21:20.0830 2084  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
13:21:20.0840 2084  Parport - ok
13:21:20.0860 2084  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:21:20.0860 2084  partmgr - ok
13:21:20.0870 2084  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:21:20.0870 2084  PcaSvc - ok
13:21:20.0880 2084  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
13:21:20.0880 2084  pci - ok
13:21:20.0890 2084  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:21:20.0890 2084  pciide - ok
13:21:20.0900 2084  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:21:20.0900 2084  pcmcia - ok
13:21:20.0910 2084  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:21:20.0910 2084  pcw - ok
13:21:20.0910 2084  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:21:20.0920 2084  PEAUTH - ok
13:21:20.0950 2084  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:21:20.0970 2084  PeerDistSvc - ok
13:21:21.0030 2084  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:21:21.0040 2084  PerfHost - ok
13:21:21.0070 2084  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
13:21:21.0100 2084  pla - ok
13:21:21.0130 2084  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:21:21.0140 2084  PlugPlay - ok
13:21:21.0150 2084  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:21:21.0160 2084  PNRPAutoReg - ok
13:21:21.0170 2084  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:21:21.0180 2084  PNRPsvc - ok
13:21:21.0210 2084  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:21:21.0220 2084  PolicyAgent - ok
13:21:21.0240 2084  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
13:21:21.0240 2084  Power - ok
13:21:21.0260 2084  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:21:21.0260 2084  PptpMiniport - ok
13:21:21.0270 2084  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
13:21:21.0280 2084  Processor - ok
13:21:21.0290 2084  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:21:21.0290 2084  ProfSvc - ok
13:21:21.0310 2084  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:21:21.0310 2084  ProtectedStorage - ok
13:21:21.0330 2084  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:21:21.0330 2084  Psched - ok
13:21:21.0370 2084  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:21:21.0390 2084  ql2300 - ok
13:21:21.0390 2084  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:21:21.0400 2084  ql40xx - ok
13:21:21.0400 2084  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:21:21.0410 2084  QWAVE - ok
13:21:21.0410 2084  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:21:21.0420 2084  QWAVEdrv - ok
13:21:21.0430 2084  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:21:21.0430 2084  RasAcd - ok
13:21:21.0450 2084  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:21:21.0450 2084  RasAgileVpn - ok
13:21:21.0450 2084  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:21:21.0460 2084  RasAuto - ok
13:21:21.0460 2084  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:21:21.0460 2084  Rasl2tp - ok
13:21:21.0480 2084  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:21:21.0490 2084  RasMan - ok
13:21:21.0490 2084  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:21:21.0500 2084  RasPppoe - ok
13:21:21.0500 2084  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:21:21.0500 2084  RasSstp - ok
13:21:21.0510 2084  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:21:21.0510 2084  rdbss - ok
13:21:21.0520 2084  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:21:21.0520 2084  rdpbus - ok
13:21:21.0530 2084  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:21:21.0530 2084  RDPCDD - ok
13:21:21.0550 2084  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:21:21.0550 2084  RDPDR - ok
13:21:21.0570 2084  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:21:21.0570 2084  RDPENCDD - ok
13:21:21.0570 2084  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:21:21.0570 2084  RDPREFMP - ok
13:21:21.0610 2084  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:21:21.0620 2084  RdpVideoMiniport - ok
13:21:21.0650 2084  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:21:21.0650 2084  RDPWD - ok
13:21:21.0660 2084  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:21:21.0670 2084  rdyboost - ok
13:21:21.0700 2084  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:21:21.0710 2084  RemoteAccess - ok
13:21:21.0720 2084  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:21:21.0730 2084  RemoteRegistry - ok
13:21:21.0740 2084  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:21:21.0750 2084  RpcEptMapper - ok
13:21:21.0770 2084  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:21:21.0770 2084  RpcLocator - ok
13:21:21.0780 2084  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
13:21:21.0780 2084  RpcSs - ok
13:21:21.0780 2084  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:21:21.0790 2084  rspndr - ok
13:21:21.0860 2084  [ 6FA271B6816AFFAEF640808FC51AC8AF ] RTCore64        D:\MSI Afterburner\RTCore64.sys
13:21:21.0870 2084  RTCore64 - ok
13:21:21.0900 2084  [ C435AC77704EB16E85C9D630F4D4B4F7 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
13:21:21.0910 2084  RTHDMIAzAudService - ok
13:21:21.0920 2084  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:21:21.0930 2084  s3cap - ok
13:21:21.0930 2084  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
13:21:21.0930 2084  SamSs - ok
13:21:21.0940 2084  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:21:21.0940 2084  sbp2port - ok
13:21:21.0950 2084  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:21:21.0950 2084  SCardSvr - ok
13:21:21.0960 2084  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:21:21.0970 2084  scfilter - ok
13:21:21.0990 2084  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:21:21.0990 2084  Schedule - ok
13:21:22.0010 2084  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:21:22.0020 2084  SCPolicySvc - ok
13:21:22.0020 2084  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:21:22.0020 2084  SDRSVC - ok
13:21:22.0040 2084  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:21:22.0040 2084  secdrv - ok
13:21:22.0050 2084  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:21:22.0050 2084  seclogon - ok
13:21:22.0060 2084  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
13:21:22.0070 2084  SENS - ok
13:21:22.0070 2084  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:21:22.0070 2084  SensrSvc - ok
13:21:22.0080 2084  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:21:22.0080 2084  Serenum - ok
13:21:22.0090 2084  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:21:22.0090 2084  Serial - ok
13:21:22.0100 2084  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:21:22.0110 2084  sermouse - ok
13:21:22.0120 2084  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:21:22.0130 2084  SessionEnv - ok
13:21:22.0130 2084  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:21:22.0130 2084  sffdisk - ok
13:21:22.0130 2084  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:21:22.0130 2084  sffp_mmc - ok
13:21:22.0140 2084  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:21:22.0140 2084  sffp_sd - ok
13:21:22.0140 2084  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:21:22.0140 2084  sfloppy - ok
13:21:22.0180 2084  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:21:22.0190 2084  SharedAccess - ok
13:21:22.0210 2084  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:21:22.0210 2084  ShellHWDetection - ok
13:21:22.0210 2084  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:21:22.0210 2084  SiSRaid2 - ok
13:21:22.0220 2084  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:21:22.0220 2084  SiSRaid4 - ok
13:21:22.0220 2084  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:21:22.0230 2084  Smb - ok
13:21:22.0240 2084  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:21:22.0240 2084  SNMPTRAP - ok
13:21:22.0250 2084  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:21:22.0250 2084  spldr - ok
13:21:22.0280 2084  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
13:21:22.0290 2084  Spooler - ok
13:21:22.0360 2084  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:21:22.0390 2084  sppsvc - ok
13:21:22.0410 2084  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:21:22.0410 2084  sppuinotify - ok
13:21:22.0440 2084  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:21:22.0450 2084  srv - ok
13:21:22.0460 2084  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:21:22.0470 2084  srv2 - ok
13:21:22.0490 2084  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:21:22.0490 2084  srvnet - ok
13:21:22.0500 2084  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:21:22.0500 2084  SSDPSRV - ok
13:21:22.0510 2084  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:21:22.0510 2084  SstpSvc - ok
13:21:22.0550 2084  Steam Client Service - ok
13:21:22.0550 2084  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:21:22.0550 2084  stexstor - ok
13:21:22.0580 2084  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:21:22.0580 2084  stisvc - ok
13:21:22.0590 2084  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:21:22.0590 2084  storflt - ok
13:21:22.0610 2084  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
13:21:22.0620 2084  StorSvc - ok
13:21:22.0620 2084  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:21:22.0620 2084  storvsc - ok
13:21:22.0630 2084  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:21:22.0630 2084  swenum - ok
13:21:22.0650 2084  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
13:21:22.0650 2084  swprv - ok
13:21:22.0680 2084  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
13:21:22.0700 2084  SysMain - ok
13:21:22.0710 2084  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:21:22.0710 2084  TabletInputService - ok
13:21:22.0720 2084  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:21:22.0730 2084  TapiSrv - ok
13:21:22.0730 2084  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
13:21:22.0730 2084  TBS - ok
13:21:22.0760 2084  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:21:22.0790 2084  Tcpip - ok
13:21:22.0810 2084  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:21:22.0820 2084  TCPIP6 - ok
13:21:22.0840 2084  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:21:22.0850 2084  tcpipreg - ok
13:21:22.0860 2084  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:21:22.0860 2084  TDPIPE - ok
13:21:22.0880 2084  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:21:22.0880 2084  TDTCP - ok
13:21:22.0900 2084  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:21:22.0910 2084  tdx - ok
13:21:22.0910 2084  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:21:22.0920 2084  TermDD - ok
13:21:22.0940 2084  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
13:21:22.0950 2084  TermService - ok
13:21:22.0960 2084  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:21:22.0960 2084  Themes - ok
13:21:22.0980 2084  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
13:21:22.0980 2084  THREADORDER - ok
13:21:22.0980 2084  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:21:22.0990 2084  TrkWks - ok
13:21:23.0010 2084  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:21:23.0010 2084  TrustedInstaller - ok
13:21:23.0020 2084  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:21:23.0020 2084  tssecsrv - ok
13:21:23.0040 2084  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:21:23.0050 2084  TsUsbFlt - ok
13:21:23.0080 2084  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
13:21:23.0080 2084  TsUsbGD - ok
13:21:23.0090 2084  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:21:23.0090 2084  tunnel - ok
13:21:23.0100 2084  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:21:23.0100 2084  uagp35 - ok
13:21:23.0110 2084  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:21:23.0110 2084  udfs - ok
13:21:23.0130 2084  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:21:23.0140 2084  UI0Detect - ok
13:21:23.0160 2084  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:21:23.0160 2084  uliagpkx - ok
13:21:23.0170 2084  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:21:23.0170 2084  umbus - ok
13:21:23.0170 2084  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:21:23.0170 2084  UmPass - ok
13:21:23.0180 2084  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
13:21:23.0190 2084  UmRdpService - ok
13:21:23.0200 2084  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:21:23.0210 2084  upnphost - ok
13:21:23.0250 2084  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
13:21:23.0260 2084  USBAAPL64 - ok
13:21:23.0270 2084  usbbus - ok
13:21:23.0300 2084  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:21:23.0310 2084  usbccgp - ok
13:21:23.0310 2084  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:21:23.0320 2084  usbcir - ok
13:21:23.0320 2084  UsbDiag - ok
13:21:23.0330 2084  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
13:21:23.0340 2084  usbehci - ok
13:21:23.0350 2084  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:21:23.0360 2084  usbhub - ok
13:21:23.0360 2084  USBModem - ok
13:21:23.0380 2084  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:21:23.0380 2084  usbohci - ok
13:21:23.0390 2084  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:21:23.0390 2084  usbprint - ok
13:21:23.0430 2084  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:21:23.0430 2084  usbscan - ok
13:21:23.0440 2084  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:21:23.0440 2084  USBSTOR - ok
13:21:23.0440 2084  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:21:23.0450 2084  usbuhci - ok
13:21:23.0460 2084  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
13:21:23.0470 2084  UxSms - ok
13:21:23.0480 2084  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:21:23.0480 2084  VaultSvc - ok
13:21:23.0480 2084  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:21:23.0480 2084  vdrvroot - ok
13:21:23.0500 2084  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
13:21:23.0510 2084  vds - ok
13:21:23.0510 2084  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:21:23.0520 2084  vga - ok
13:21:23.0520 2084  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:21:23.0520 2084  VgaSave - ok
13:21:23.0520 2084  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:21:23.0530 2084  vhdmp - ok
13:21:23.0570 2084  [ 6BBD1072E94167A1C1F33CC66B0DF861 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
13:21:23.0580 2084  VIAHdAudAddService - ok
13:21:23.0580 2084  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:21:23.0590 2084  viaide - ok
13:21:23.0600 2084  [ 6B34F3220E4AE5D77BD42CEA94EB3892 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
13:21:23.0600 2084  VIAKaraokeService - ok
13:21:23.0620 2084  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:21:23.0630 2084  vmbus - ok
13:21:23.0640 2084  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:21:23.0640 2084  VMBusHID - ok
13:21:23.0650 2084  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:21:23.0650 2084  volmgr - ok
13:21:23.0660 2084  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:21:23.0660 2084  volmgrx - ok
13:21:23.0660 2084  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:21:23.0670 2084  volsnap - ok
13:21:23.0670 2084  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:21:23.0680 2084  vsmraid - ok
13:21:23.0700 2084  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
13:21:23.0710 2084  VSS - ok
13:21:23.0720 2084  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:21:23.0720 2084  vwifibus - ok
13:21:23.0750 2084  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
13:21:23.0750 2084  W32Time - ok
13:21:23.0760 2084  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:21:23.0770 2084  WacomPen - ok
13:21:23.0770 2084  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:21:23.0780 2084  WANARP - ok
13:21:23.0780 2084  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:21:23.0780 2084  Wanarpv6 - ok
13:21:23.0810 2084  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:21:23.0830 2084  wbengine - ok
13:21:23.0840 2084  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:21:23.0840 2084  WbioSrvc - ok
13:21:23.0860 2084  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:21:23.0870 2084  wcncsvc - ok
13:21:23.0870 2084  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:21:23.0880 2084  WcsPlugInService - ok
13:21:23.0880 2084  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
13:21:23.0880 2084  Wd - ok
13:21:23.0890 2084  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:21:23.0900 2084  Wdf01000 - ok
13:21:23.0910 2084  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:21:23.0910 2084  WdiServiceHost - ok
13:21:23.0910 2084  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:21:23.0910 2084  WdiSystemHost - ok
13:21:23.0910 2084  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
13:21:23.0920 2084  WebClient - ok
13:21:23.0930 2084  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:21:23.0940 2084  Wecsvc - ok
13:21:23.0950 2084  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:21:23.0950 2084  wercplsupport - ok
13:21:23.0960 2084  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:21:23.0960 2084  WerSvc - ok
13:21:23.0970 2084  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:21:23.0970 2084  WfpLwf - ok
13:21:23.0970 2084  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:21:23.0980 2084  WIMMount - ok
13:21:23.0990 2084  WinDefend - ok
13:21:23.0990 2084  WinHttpAutoProxySvc - ok
13:21:24.0020 2084  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:21:24.0020 2084  Winmgmt - ok
13:21:24.0060 2084  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
13:21:24.0110 2084  WinRM - ok
13:21:24.0130 2084  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:21:24.0150 2084  Wlansvc - ok
13:21:24.0150 2084  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:21:24.0150 2084  WmiAcpi - ok
13:21:24.0170 2084  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:21:24.0170 2084  wmiApSrv - ok
13:21:24.0180 2084  WMPNetworkSvc - ok
13:21:24.0190 2084  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:21:24.0200 2084  WPCSvc - ok
13:21:24.0210 2084  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:21:24.0220 2084  WPDBusEnum - ok
13:21:24.0220 2084  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:21:24.0220 2084  ws2ifsl - ok
13:21:24.0230 2084  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
13:21:24.0240 2084  wscsvc - ok
13:21:24.0240 2084  WSearch - ok
13:21:24.0290 2084  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:21:24.0320 2084  wuauserv - ok
13:21:24.0330 2084  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:21:24.0340 2084  WudfPf - ok
13:21:24.0360 2084  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:21:24.0370 2084  WUDFRd - ok
13:21:24.0400 2084  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:21:24.0400 2084  wudfsvc - ok
13:21:24.0410 2084  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:21:24.0420 2084  WwanSvc - ok
13:21:24.0430 2084  ================ Scan global ===============================
13:21:24.0450 2084  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:21:24.0470 2084  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:21:24.0470 2084  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:21:24.0480 2084  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:21:24.0500 2084  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:21:24.0510 2084  [Global] - ok
13:21:24.0510 2084  ================ Scan MBR ==================================
13:21:24.0540 2084  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:21:24.0670 2084  \Device\Harddisk0\DR0 - ok
13:21:24.0670 2084  [ 3DFBD33517922022AAB2367021B4BBEC ] \Device\Harddisk1\DR1
13:21:24.0670 2084  \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
13:21:24.0670 2084  \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
13:21:24.0670 2084  ================ Scan VBR ==================================
13:21:24.0950 2084  [ A75CFC6E1FDFBAEE7262F0DCA6E10EC5 ] \Device\Harddisk0\DR0\Partition1
13:21:24.0950 2084  \Device\Harddisk0\DR0\Partition1 - ok
13:21:24.0960 2084  [ A55FB4813D5CC737A1C872028EB716E1 ] \Device\Harddisk0\DR0\Partition2
13:21:24.0960 2084  \Device\Harddisk0\DR0\Partition2 - ok
13:21:24.0980 2084  [ A2475E0CC9C87A4B144A9792798CA1D1 ] \Device\Harddisk0\DR0\Partition3
13:21:24.0980 2084  \Device\Harddisk0\DR0\Partition3 - ok
13:21:24.0990 2084  [ C97506C89400F80D4344D52B42E7D8B1 ] \Device\Harddisk0\DR0\Partition4
13:21:24.0990 2084  \Device\Harddisk0\DR0\Partition4 - ok
13:21:24.0990 2084  [ AF09F3106187641F5EF1D63EA1EB6518 ] \Device\Harddisk1\DR1\Partition1
13:21:25.0000 2084  \Device\Harddisk1\DR1\Partition1 - ok
13:21:25.0000 2084  ============================================================
13:21:25.0000 2084  Scan finished
13:21:25.0000 2084  ============================================================
13:21:25.0000 4360  Detected object count: 1
13:21:25.0000 4360  Actual detected object count: 1
13:21:40.0522 4360  \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - skipped by user
13:21:40.0522 4360  \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Skip 
13:21:51.0313 2988  Deinitialize success
         
__________________
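Added example, not part of the thread and not TDSSKiller's own code: a small Python parser for the log format posted above that pairs each detected object with the action recorded for it, so a detection left at "Skip" (as in the log above) stands out. The sample lines are constructed on the pattern of the posted log; the hashes are placeholders, the second disk is hypothetical, and the "Cure" action line is an assumed form by analogy with the "Skip" line.

```python
import re

# Constructed sample modelled on the log lines in this thread. Hash values are
# placeholders, \Device\Harddisk2\DR2 is hypothetical, and the "Cure" action
# line is an assumed form (the posted log only shows "Skip").
SAMPLE_LOG = r"""
13:21:24.0510 2084  ================ Scan MBR ==================================
13:21:24.0540 2084  [ 00000000000000000000000000000000 ] \Device\Harddisk0\DR0
13:21:24.0670 2084  \Device\Harddisk0\DR0 - ok
13:21:24.0670 2084  [ 11111111111111111111111111111111 ] \Device\Harddisk1\DR1
13:21:24.0670 2084  \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
13:21:24.0670 2084  \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
13:21:24.0675 2084  [ 22222222222222222222222222222222 ] \Device\Harddisk2\DR2
13:21:24.0680 2084  \Device\Harddisk2\DR2 ( Rootkit.Boot.Wistler.a ) - infected
13:21:24.0690 2084  ================ Scan VBR ==================================
13:21:24.0950 2084  [ 33333333333333333333333333333333 ] \Device\Harddisk0\DR0\Partition1
13:21:24.0950 2084  \Device\Harddisk0\DR0\Partition1 - ok
13:21:25.0000 4360  Detected object count: 2
13:21:40.0522 4360  \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
13:21:40.0530 4360  \Device\Harddisk2\DR2 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
"""

# "<hh:mm:ss.ffff> <thread id>  <message>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "================ Scan MBR ====..." section banners
SECTION = re.compile(r"^=+\s*(Scan [^=]+?)\s*=+$")
# "<object> ( <threat name> ) - <status>"; the spaces inside the parentheses
# keep paths such as "Program Files (x86)" from matching.
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+?) \) - (?P<status>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
ACTION_PREFIX = "User select action:"


def parse_tdsskiller(text):
    """Return the detections in a TDSSKiller-style log with their recorded action."""
    section = None
    reported = None
    found = {}  # (object, threat) -> detection record, in order of first sight
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if msg.startswith("["):          # hash + path line, carries no verdict
            continue
        s = SECTION.match(msg)
        if s:
            section = s.group(1)
            continue
        c = COUNT.match(msg)
        if c:
            reported = int(c.group(1))
            continue
        v = VERDICT.match(msg)
        if not v:                        # "- ok" lines and free text
            continue
        key = (v.group("obj"), v.group("threat"))
        entry = found.setdefault(key, {
            "object": key[0], "threat": key[1], "section": None, "action": None,
        })
        status = v.group("status")
        if status.startswith(ACTION_PREFIX):
            entry["action"] = status[len(ACTION_PREFIX):].strip()
        elif status == "infected":
            entry["section"] = section
    return {"detections": list(found.values()), "reported_count": reported}


def unresolved(report):
    """Detections with no recorded action, or with the action left at Skip."""
    return [d for d in report["detections"] if d["action"] in (None, "Skip")]


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    if report["reported_count"] != len(report["detections"]):
        print("warning: parsed detections differ from the count the log reports")
    for d in report["detections"]:
        print(f'{d["section"]}: {d["object"]} {d["threat"]} -> {d["action"]}')
    for d in unresolved(report):
        print(f'still needs a cure pass: {d["object"]}')
```
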

09.04.2013, 12:30   #4
aharonov
/// TB Trainer

Hi Manuel,

so there we have this Whistler..


Step 1

Please start TDSSkiller.exe.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Press Start Scan.
    Do not do anything on the computer during the scan!
  • Make sure that the option Cure (default) is selected for Rootkit.Boot.Wistler.a.
  • Press Continue --> Reboot.
  • TDSSKiller will save a log file on your system drive (C:\TDSSKiller.<version_date_time>log.txt).
  • Please post the contents of this log file in your thread.



Step 2

Warning for readers following along:
Combofix should only be run when a team member has explicitly instructed you to do so!


Please download Combofix.
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do no work at all on the computer, and do not even move the mouse!
  • When Combofix has finished, it will create a log file (C:\Combofix.txt).
  • Please post the contents of this log file in your next reply.

Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.



Step 3

Please start OTL.exe.
  • Tick the box next to Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Log from TDSSKiller
  • Log from Combofix
  • Log from OTL
__________________
cheers,
Leo

09.04.2013, 12:57   #5
Manu39

Hey, at step 1 the following message appears after I press Continue (Cure selected).

s14.directupload.net/images/130409/ptzw7ilx.jpg

Just press Yes? I'd rather not do anything wrong, which is why I'm asking!


09.04.2013, 13:20   #6
aharonov
/// TB Trainer

Yep, go right ahead.

09.04.2013, 13:52   #7
Manu39

Hey, the 3 logs are too long for one post. I hope it's OK to make a double post here.

TDSSKiller:

Code:
ATTFilter
13:53:31.0893 2712  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:53:32.0036 2712  ============================================================
13:53:32.0036 2712  Current date / time: 2013/04/09 13:53:32.0036
13:53:32.0036 2712  SystemInfo:
13:53:32.0036 2712  
13:53:32.0036 2712  OS Version: 6.1.7601 ServicePack: 1.0
13:53:32.0036 2712  Product type: Workstation
13:53:32.0036 2712  ComputerName: MANU-PC
13:53:32.0037 2712  UserName: Manu
13:53:32.0037 2712  Windows directory: C:\Windows
13:53:32.0037 2712  System windows directory: C:\Windows
13:53:32.0037 2712  Running under WOW64
13:53:32.0037 2712  Processor architecture: Intel x64
13:53:32.0037 2712  Number of processors: 4
13:53:32.0037 2712  Page size: 0x1000
13:53:32.0037 2712  Boot type: Normal boot
13:53:32.0037 2712  ============================================================
13:53:32.0308 2712  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:53:32.0310 2712  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:53:32.0328 2712  ============================================================
13:53:32.0328 2712  \Device\Harddisk0\DR0:
13:53:32.0328 2712  MBR partitions:
13:53:32.0328 2712  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:53:32.0328 2712  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7528EEC
13:53:32.0336 2712  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x755B72B, BlocksNum 0x1900297E
13:53:32.0345 2712  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x2055E0E8, BlocksNum 0x541A78D9
13:53:32.0345 2712  \Device\Harddisk1\DR1:
13:53:32.0345 2712  MBR partitions:
13:53:32.0345 2712  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
13:53:32.0345 2712  ============================================================
13:53:32.0380 2712  C: <-> \Device\Harddisk0\DR0\Partition2
13:53:32.0401 2712  D: <-> \Device\Harddisk0\DR0\Partition3
13:53:32.0453 2712  E: <-> \Device\Harddisk0\DR0\Partition4
13:53:32.0463 2712  I: <-> \Device\Harddisk1\DR1\Partition1
13:53:32.0463 2712  ============================================================
13:53:32.0463 2712  Initialize success
13:53:32.0463 2712  ============================================================
13:53:37.0921 4708  ============================================================
13:53:37.0921 4708  Scan started
13:53:37.0921 4708  Mode: Manual; 
13:53:37.0921 4708  ============================================================
13:53:38.0115 4708  ================ Scan system memory ========================
13:53:38.0115 4708  System memory - ok
13:53:38.0115 4708  ================ Scan services =============================
13:53:38.0196 4708  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:53:38.0199 4708  1394ohci - ok
13:53:38.0214 4708  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:53:38.0217 4708  ACPI - ok
13:53:38.0221 4708  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:53:38.0221 4708  AcpiPmi - ok
13:53:38.0288 4708  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:53:38.0289 4708  AdobeARMservice - ok
13:53:38.0375 4708  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:53:38.0378 4708  AdobeFlashPlayerUpdateSvc - ok
13:53:38.0396 4708  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:53:38.0400 4708  adp94xx - ok
13:53:38.0407 4708  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:53:38.0409 4708  adpahci - ok
13:53:38.0427 4708  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:53:38.0428 4708  adpu320 - ok
13:53:38.0450 4708  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:53:38.0450 4708  AeLookupSvc - ok
13:53:38.0476 4708  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:53:38.0480 4708  AFD - ok
13:53:38.0487 4708  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:53:38.0489 4708  agp440 - ok
13:53:38.0493 4708  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
13:53:38.0494 4708  ALG - ok
13:53:38.0507 4708  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:53:38.0508 4708  aliide - ok
13:53:38.0527 4708  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:53:38.0529 4708  AMD External Events Utility - ok
13:53:38.0544 4708  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:53:38.0544 4708  amdide - ok
13:53:38.0548 4708  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:53:38.0549 4708  AmdK8 - ok
13:53:38.0695 4708  [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:53:38.0731 4708  amdkmdag - ok
13:53:38.0769 4708  [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:53:38.0773 4708  amdkmdap - ok
13:53:38.0778 4708  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
13:53:38.0779 4708  AmdPPM - ok
13:53:38.0794 4708  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:53:38.0795 4708  amdsata - ok
13:53:38.0801 4708  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:53:38.0803 4708  amdsbs - ok
13:53:38.0818 4708  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:53:38.0819 4708  amdxata - ok
13:53:38.0869 4708  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:53:38.0871 4708  AntiVirSchedulerService - ok
13:53:38.0898 4708  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:53:38.0899 4708  AntiVirService - ok
13:53:38.0903 4708  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:53:38.0904 4708  AppID - ok
13:53:38.0908 4708  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:53:38.0909 4708  AppIDSvc - ok
13:53:38.0926 4708  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
13:53:38.0927 4708  Appinfo - ok
13:53:38.0975 4708  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:53:38.0976 4708  Apple Mobile Device - ok
13:53:39.0005 4708  [ BA957E7ACD2B44FA3B01FAA64F6A9060 ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
13:53:39.0006 4708  AppleCharger - ok
13:53:39.0022 4708  [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
13:53:39.0023 4708  AppleChargerSrv - ok
13:53:39.0049 4708  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:53:39.0051 4708  AppMgmt - ok
13:53:39.0059 4708  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
13:53:39.0060 4708  arc - ok
13:53:39.0064 4708  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:53:39.0066 4708  arcsas - ok
13:53:39.0151 4708  [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:53:39.0152 4708  aspnet_state - ok
13:53:39.0165 4708  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:53:39.0166 4708  AsyncMac - ok
13:53:39.0180 4708  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
13:53:39.0181 4708  atapi - ok
13:53:39.0210 4708  [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:53:39.0211 4708  AtiHDAudioService - ok
13:53:39.0279 4708  [ 26D973D6D9A0D133DFDA7D8C1ADC04B7 ] atillk64        C:\Program Files (x86)\GIGABYTE\atBIOS\AtiTool\atillk64.sys
13:53:39.0280 4708  atillk64 - ok
13:53:39.0302 4708  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:53:39.0307 4708  AudioEndpointBuilder - ok
13:53:39.0323 4708  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:53:39.0328 4708  AudioSrv - ok
13:53:39.0376 4708  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:53:39.0388 4708  avgntflt - ok
13:53:39.0407 4708  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:53:39.0409 4708  avipbb - ok
13:53:39.0429 4708  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:53:39.0430 4708  avkmgr - ok
13:53:39.0434 4708  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:53:39.0435 4708  AxInstSV - ok
13:53:39.0465 4708  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:53:39.0468 4708  b06bdrv - ok
13:53:39.0483 4708  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:53:39.0484 4708  b57nd60a - ok
13:53:39.0498 4708  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:53:39.0499 4708  BDESVC - ok
13:53:39.0524 4708  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:53:39.0525 4708  Beep - ok
13:53:39.0546 4708  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
13:53:39.0550 4708  BFE - ok
13:53:39.0576 4708  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
13:53:39.0581 4708  BITS - ok
13:53:39.0590 4708  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:53:39.0590 4708  blbdrive - ok
13:53:39.0646 4708  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:53:39.0649 4708  Bonjour Service - ok
13:53:39.0672 4708  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:53:39.0673 4708  bowser - ok
13:53:39.0677 4708  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:53:39.0678 4708  BrFiltLo - ok
13:53:39.0681 4708  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:53:39.0682 4708  BrFiltUp - ok
13:53:39.0696 4708  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
13:53:39.0697 4708  Browser - ok
13:53:39.0702 4708  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:53:39.0703 4708  Brserid - ok
13:53:39.0711 4708  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:53:39.0711 4708  BrSerWdm - ok
13:53:39.0714 4708  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:53:39.0715 4708  BrUsbMdm - ok
13:53:39.0717 4708  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:53:39.0718 4708  BrUsbSer - ok
13:53:39.0722 4708  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:53:39.0723 4708  BTHMODEM - ok
13:53:39.0747 4708  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
13:53:39.0748 4708  bthserv - ok
13:53:39.0753 4708  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:53:39.0754 4708  cdfs - ok
13:53:39.0765 4708  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:53:39.0766 4708  cdrom - ok
13:53:39.0769 4708  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:53:39.0770 4708  CertPropSvc - ok
13:53:39.0772 4708  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
13:53:39.0772 4708  circlass - ok
13:53:39.0783 4708  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:53:39.0785 4708  CLFS - ok
13:53:39.0829 4708  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:53:39.0830 4708  clr_optimization_v2.0.50727_32 - ok
13:53:39.0863 4708  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:53:39.0864 4708  clr_optimization_v2.0.50727_64 - ok
13:53:39.0918 4708  [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:53:39.0919 4708  clr_optimization_v4.0.30319_32 - ok
13:53:39.0929 4708  [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:53:39.0930 4708  clr_optimization_v4.0.30319_64 - ok
13:53:39.0934 4708  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
13:53:39.0935 4708  CmBatt - ok
13:53:39.0944 4708  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:53:39.0945 4708  cmdide - ok
13:53:39.0964 4708  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
13:53:39.0967 4708  CNG - ok
13:53:39.0982 4708  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:53:39.0982 4708  Compbatt - ok
13:53:39.0991 4708  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:53:39.0992 4708  CompositeBus - ok
13:53:39.0994 4708  COMSysApp - ok
13:53:39.0997 4708  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:53:39.0998 4708  crcdisk - ok
13:53:40.0033 4708  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:53:40.0035 4708  CryptSvc - ok
13:53:40.0058 4708  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
13:53:40.0061 4708  CSC - ok
13:53:40.0070 4708  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
13:53:40.0074 4708  CscService - ok
13:53:40.0092 4708  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:53:40.0096 4708  DcomLaunch - ok
13:53:40.0113 4708  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
13:53:40.0115 4708  defragsvc - ok
13:53:40.0127 4708  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:53:40.0128 4708  DfsC - ok
13:53:40.0149 4708  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:53:40.0152 4708  Dhcp - ok
13:53:40.0159 4708  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:53:40.0160 4708  discache - ok
13:53:40.0169 4708  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
13:53:40.0171 4708  Disk - ok
13:53:40.0197 4708  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
13:53:40.0198 4708  dmvsc - ok
13:53:40.0221 4708  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:53:40.0223 4708  Dnscache - ok
13:53:40.0236 4708  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:53:40.0238 4708  dot3svc - ok
13:53:40.0242 4708  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
13:53:40.0243 4708  DPS - ok
13:53:40.0269 4708  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:53:40.0269 4708  drmkaud - ok
13:53:40.0304 4708  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:53:40.0306 4708  dtsoftbus01 - ok
13:53:40.0334 4708  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:53:40.0341 4708  DXGKrnl - ok
13:53:40.0354 4708  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:53:40.0356 4708  EapHost - ok
13:53:40.0411 4708  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:53:40.0425 4708  ebdrv - ok
13:53:40.0448 4708  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
13:53:40.0449 4708  EFS - ok
13:53:40.0495 4708  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:53:40.0500 4708  ehRecvr - ok
13:53:40.0515 4708  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:53:40.0517 4708  ehSched - ok
13:53:40.0525 4708  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:53:40.0530 4708  elxstor - ok
13:53:40.0555 4708  [ 6106653B08F4F72EEAA7F099E7C408A4 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
13:53:40.0556 4708  epmntdrv - ok
13:53:40.0571 4708  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:53:40.0572 4708  ErrDev - ok
13:53:40.0601 4708  [ 84486624268E078255BC7AA47F0960BC ] etdrv           C:\Windows\etdrv.sys
13:53:40.0602 4708  etdrv - ok
13:53:40.0637 4708  [ 6CF515B48E0692070EED439BB73A9949 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
13:53:40.0638 4708  EtronHub3 - ok
13:53:40.0664 4708  [ EEA621DB1DAC0AB1EE901140AC381952 ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
13:53:40.0665 4708  EtronXHCI - ok
13:53:40.0668 4708  [ 991C04A31777ED77CB92A4F96F14C2E2 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
13:53:40.0669 4708  EuGdiDrv - ok
13:53:40.0692 4708  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
13:53:40.0695 4708  EventSystem - ok
13:53:40.0699 4708  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
13:53:40.0701 4708  exfat - ok
13:53:40.0705 4708  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:53:40.0707 4708  fastfat - ok
13:53:40.0737 4708  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
13:53:40.0742 4708  Fax - ok
13:53:40.0745 4708  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
13:53:40.0746 4708  fdc - ok
13:53:40.0768 4708  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:53:40.0769 4708  fdPHost - ok
13:53:40.0784 4708  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:53:40.0785 4708  FDResPub - ok
13:53:40.0788 4708  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:53:40.0788 4708  FileInfo - ok
13:53:40.0800 4708  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:53:40.0800 4708  Filetrace - ok
13:53:40.0803 4708  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:53:40.0804 4708  flpydisk - ok
13:53:40.0808 4708  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:53:40.0810 4708  FltMgr - ok
13:53:40.0854 4708  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
13:53:40.0863 4708  FontCache - ok
13:53:40.0896 4708  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:53:40.0897 4708  FontCache3.0.0.0 - ok
13:53:40.0906 4708  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:53:40.0907 4708  FsDepends - ok
13:53:40.0926 4708  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:53:40.0927 4708  Fs_Rec - ok
13:53:40.0931 4708  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:53:40.0933 4708  fvevol - ok
13:53:40.0943 4708  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:53:40.0944 4708  gagp30kx - ok
13:53:40.0979 4708  [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv            C:\Windows\gdrv.sys
13:53:40.0980 4708  gdrv - ok
13:53:41.0006 4708  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:53:41.0006 4708  GEARAspiWDM - ok
13:53:41.0025 4708  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
13:53:41.0030 4708  gpsvc - ok
13:53:41.0048 4708  [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64        C:\Windows\GVTDrv64.sys
13:53:41.0048 4708  GVTDrv64 - ok
13:53:41.0066 4708  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:53:41.0067 4708  hcw85cir - ok
13:53:41.0084 4708  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:53:41.0086 4708  HdAudAddService - ok
13:53:41.0113 4708  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:53:41.0114 4708  HDAudBus - ok
13:53:41.0118 4708  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:53:41.0119 4708  HidBatt - ok
13:53:41.0123 4708  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:53:41.0124 4708  HidBth - ok
13:53:41.0137 4708  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:53:41.0138 4708  HidIr - ok
13:53:41.0141 4708  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
13:53:41.0143 4708  hidserv - ok
13:53:41.0146 4708  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:53:41.0146 4708  HidUsb - ok
13:53:41.0161 4708  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:53:41.0162 4708  hkmsvc - ok
13:53:41.0170 4708  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:53:41.0173 4708  HomeGroupListener - ok
13:53:41.0185 4708  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:53:41.0187 4708  HomeGroupProvider - ok
13:53:41.0191 4708  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:53:41.0192 4708  HpSAMD - ok
13:53:41.0200 4708  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:53:41.0204 4708  HTTP - ok
13:53:41.0236 4708  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:53:41.0237 4708  hwpolicy - ok
13:53:41.0240 4708  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:53:41.0241 4708  i8042prt - ok
13:53:41.0253 4708  [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
13:53:41.0256 4708  iaStor - ok
13:53:41.0301 4708  [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:53:41.0301 4708  IAStorDataMgrSvc - ok
13:53:41.0329 4708  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:53:41.0332 4708  iaStorV - ok
13:53:41.0361 4708  [ 33D4D4A24791587E83F7EE05A446FB7E ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
13:53:41.0363 4708  ICCS - ok
13:53:41.0413 4708  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
13:53:41.0415 4708  IDriverT - ok
13:53:41.0451 4708  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:53:41.0457 4708  idsvc - ok
13:53:41.0475 4708  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:53:41.0475 4708  iirsp - ok
13:53:41.0497 4708  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:53:41.0502 4708  IKEEXT - ok
13:53:41.0555 4708  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
13:53:41.0559 4708  Intel(R) Capability Licensing Service Interface - ok
13:53:41.0569 4708  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:53:41.0570 4708  intelide - ok
13:53:41.0578 4708  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:53:41.0579 4708  intelppm - ok
13:53:41.0591 4708  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:53:41.0593 4708  IPBusEnum - ok
13:53:41.0610 4708  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:53:41.0612 4708  IpFilterDriver - ok
13:53:41.0637 4708  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:53:41.0641 4708  iphlpsvc - ok
13:53:41.0645 4708  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:53:41.0646 4708  IPMIDRV - ok
13:53:41.0649 4708  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:53:41.0651 4708  IPNAT - ok
13:53:41.0691 4708  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:53:41.0694 4708  iPod Service - ok
13:53:41.0697 4708  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:53:41.0698 4708  IRENUM - ok
13:53:41.0701 4708  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:53:41.0701 4708  isapnp - ok
13:53:41.0719 4708  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:53:41.0720 4708  iScsiPrt - ok
13:53:41.0734 4708  [ 7A4D015FF432645C55C162DADAEA143E ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
13:53:41.0734 4708  iusb3hcs - ok
13:53:41.0748 4708  [ 5D6164479F6F900ACD287FDC6935532E ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
13:53:41.0750 4708  iusb3hub - ok
13:53:41.0779 4708  [ 9F5687C7EFA906E4F33586D393F7C257 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
13:53:41.0783 4708  iusb3xhc - ok
13:53:41.0811 4708  [ 4E5DB6816F165C0C7A7FAA0055788884 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
13:53:41.0812 4708  jhi_service - ok
13:53:41.0816 4708  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:53:41.0816 4708  kbdclass - ok
13:53:41.0823 4708  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:53:41.0824 4708  kbdhid - ok
13:53:41.0837 4708  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:53:41.0838 4708  KeyIso - ok
13:53:41.0859 4708  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:53:41.0861 4708  KSecDD - ok
13:53:41.0880 4708  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:53:41.0881 4708  KSecPkg - ok
13:53:41.0892 4708  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:53:41.0893 4708  ksthunk - ok
13:53:41.0920 4708  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:53:41.0925 4708  KtmRm - ok
13:53:41.0938 4708  [ C669E616F41060C37F868B2BBAD92632 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
13:53:41.0940 4708  L1C - ok
13:53:41.0957 4708  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:53:41.0960 4708  LanmanServer - ok
13:53:41.0984 4708  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:53:41.0987 4708  LanmanWorkstation - ok
13:53:42.0018 4708  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
13:53:42.0019 4708  LGBusEnum - ok
13:53:42.0027 4708  [ CDDC07D414B08FECD48E4940C29F483F ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
13:53:42.0028 4708  LGSHidFilt - ok
13:53:42.0047 4708  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
13:53:42.0048 4708  LGVirHid - ok
13:53:42.0063 4708  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:53:42.0064 4708  lltdio - ok
13:53:42.0091 4708  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:53:42.0094 4708  lltdsvc - ok
13:53:42.0109 4708  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:53:42.0110 4708  lmhosts - ok
13:53:42.0137 4708  [ DF9ADD70659EA4F2A17075524E043FD8 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:53:42.0141 4708  LMS - ok
13:53:42.0156 4708  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:53:42.0157 4708  LSI_FC - ok
13:53:42.0160 4708  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:53:42.0161 4708  LSI_SAS - ok
13:53:42.0164 4708  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:53:42.0165 4708  LSI_SAS2 - ok
13:53:42.0168 4708  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:53:42.0169 4708  LSI_SCSI - ok
13:53:42.0173 4708  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:53:42.0174 4708  luafv - ok
13:53:42.0199 4708  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:53:42.0200 4708  Mcx2Svc - ok
13:53:42.0202 4708  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:53:42.0203 4708  megasas - ok
13:53:42.0208 4708  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:53:42.0209 4708  MegaSR - ok
13:53:42.0223 4708  [ 2BB3EAE2EA641515D4B205CAB29E1624 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:53:42.0224 4708  MEIx64 - ok
13:53:42.0289 4708  Microsoft SharePoint Workspace Audit Service - ok
13:53:42.0302 4708  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
13:53:42.0304 4708  MMCSS - ok
13:53:42.0321 4708  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:53:42.0322 4708  Modem - ok
13:53:42.0359 4708  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:53:42.0360 4708  monitor - ok
13:53:42.0371 4708  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:53:42.0372 4708  mouclass - ok
13:53:42.0376 4708  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:53:42.0377 4708  mouhid - ok
13:53:42.0381 4708  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:53:42.0382 4708  mountmgr - ok
13:53:42.0412 4708  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:53:42.0413 4708  MozillaMaintenance - ok
13:53:42.0418 4708  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:53:42.0420 4708  mpio - ok
13:53:42.0424 4708  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:53:42.0425 4708  mpsdrv - ok
13:53:42.0463 4708  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:53:42.0470 4708  MpsSvc - ok
13:53:42.0475 4708  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:53:42.0476 4708  MRxDAV - ok
13:53:42.0518 4708  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:53:42.0520 4708  mrxsmb - ok
13:53:42.0536 4708  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:53:42.0539 4708  mrxsmb10 - ok
13:53:42.0555 4708  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:53:42.0557 4708  mrxsmb20 - ok
13:53:42.0569 4708  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:53:42.0570 4708  msahci - ok
13:53:42.0574 4708  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:53:42.0576 4708  msdsm - ok
13:53:42.0595 4708  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
13:53:42.0597 4708  MSDTC - ok
13:53:42.0603 4708  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:53:42.0603 4708  Msfs - ok
13:53:42.0618 4708  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:53:42.0619 4708  mshidkmdf - ok
13:53:42.0626 4708  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:53:42.0627 4708  msisadrv - ok
13:53:42.0659 4708  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:53:42.0660 4708  MSiSCSI - ok
13:53:42.0663 4708  msiserver - ok
13:53:42.0689 4708  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:53:42.0690 4708  MSKSSRV - ok
13:53:42.0710 4708  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:53:42.0711 4708  MSPCLOCK - ok
13:53:42.0735 4708  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:53:42.0736 4708  MSPQM - ok
13:53:42.0742 4708  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:53:42.0744 4708  MsRPC - ok
13:53:42.0749 4708  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:53:42.0750 4708  mssmbios - ok
13:53:42.0753 4708  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:53:42.0754 4708  MSTEE - ok
13:53:42.0789 4708  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:53:42.0790 4708  MTConfig - ok
13:53:42.0794 4708  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:53:42.0795 4708  Mup - ok
13:53:42.0811 4708  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:53:42.0816 4708  napagent - ok
13:53:42.0828 4708  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:53:42.0831 4708  NativeWifiP - ok
13:53:42.0854 4708  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:53:42.0862 4708  NDIS - ok
13:53:42.0869 4708  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:53:42.0870 4708  NdisCap - ok
13:53:42.0874 4708  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:53:42.0875 4708  NdisTapi - ok
13:53:42.0878 4708  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:53:42.0879 4708  Ndisuio - ok
13:53:42.0882 4708  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:53:42.0883 4708  NdisWan - ok
13:53:42.0886 4708  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:53:42.0886 4708  NDProxy - ok
13:53:42.0889 4708  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:53:42.0889 4708  NetBIOS - ok
13:53:42.0893 4708  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:53:42.0895 4708  NetBT - ok
13:53:42.0904 4708  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:53:42.0905 4708  Netlogon - ok
13:53:42.0923 4708  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:53:42.0925 4708  Netman - ok
13:53:42.0948 4708  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:53:42.0950 4708  NetMsmqActivator - ok
13:53:42.0954 4708  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:53:42.0956 4708  NetPipeActivator - ok
13:53:42.0979 4708  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:53:42.0983 4708  netprofm - ok
13:53:42.0988 4708  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:53:42.0990 4708  NetTcpActivator - ok
13:53:42.0994 4708  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:53:42.0995 4708  NetTcpPortSharing - ok
13:53:42.0999 4708  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:53:43.0000 4708  nfrd960 - ok
13:53:43.0011 4708  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:53:43.0014 4708  NlaSvc - ok
13:53:43.0018 4708  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:53:43.0018 4708  Npfs - ok
13:53:43.0029 4708  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:53:43.0030 4708  nsi - ok
13:53:43.0038 4708  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:53:43.0038 4708  nsiproxy - ok
13:53:43.0075 4708  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:53:43.0083 4708  Ntfs - ok
13:53:43.0096 4708  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:53:43.0096 4708  Null - ok
13:53:43.0106 4708  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:53:43.0107 4708  nvraid - ok
13:53:43.0137 4708  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:53:43.0139 4708  nvstor - ok
13:53:43.0157 4708  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:53:43.0158 4708  nv_agp - ok
13:53:43.0162 4708  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:53:43.0163 4708  ohci1394 - ok
13:53:43.0217 4708  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:53:43.0218 4708  ose - ok
13:53:43.0332 4708  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:53:43.0351 4708  osppsvc - ok
13:53:43.0366 4708  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:53:43.0368 4708  p2pimsvc - ok
13:53:43.0382 4708  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:53:43.0384 4708  p2psvc - ok
13:53:43.0387 4708  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
13:53:43.0388 4708  Parport - ok
13:53:43.0414 4708  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:53:43.0415 4708  partmgr - ok
13:53:43.0427 4708  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:53:43.0430 4708  PcaSvc - ok
13:53:43.0442 4708  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
13:53:43.0444 4708  pci - ok
13:53:43.0450 4708  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:53:43.0451 4708  pciide - ok
13:53:43.0456 4708  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:53:43.0457 4708  pcmcia - ok
13:53:43.0461 4708  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:53:43.0461 4708  pcw - ok
13:53:43.0469 4708  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:53:43.0473 4708  PEAUTH - ok
13:53:43.0498 4708  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:53:43.0504 4708  PeerDistSvc - ok
13:53:43.0567 4708  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:53:43.0569 4708  PerfHost - ok
13:53:43.0599 4708  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
13:53:43.0608 4708  pla - ok
13:53:43.0635 4708  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:53:43.0639 4708  PlugPlay - ok
13:53:43.0647 4708  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:53:43.0649 4708  PNRPAutoReg - ok
13:53:43.0667 4708  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:53:43.0670 4708  PNRPsvc - ok
13:53:43.0699 4708  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:53:43.0703 4708  PolicyAgent - ok
13:53:43.0721 4708  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
13:53:43.0724 4708  Power - ok
13:53:43.0737 4708  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:53:43.0738 4708  PptpMiniport - ok
13:53:43.0752 4708  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
13:53:43.0753 4708  Processor - ok
13:53:43.0773 4708  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:53:43.0775 4708  ProfSvc - ok
13:53:43.0793 4708  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:53:43.0794 4708  ProtectedStorage - ok
13:53:43.0807 4708  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:53:43.0808 4708  Psched - ok
13:53:43.0829 4708  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:53:43.0836 4708  ql2300 - ok
13:53:43.0840 4708  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:53:43.0841 4708  ql40xx - ok
13:53:43.0851 4708  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:53:43.0854 4708  QWAVE - ok
13:53:43.0856 4708  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:53:43.0857 4708  QWAVEdrv - ok
13:53:43.0863 4708  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:53:43.0864 4708  RasAcd - ok
13:53:43.0871 4708  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:53:43.0872 4708  RasAgileVpn - ok
13:53:43.0875 4708  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:53:43.0876 4708  RasAuto - ok
13:53:43.0879 4708  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:53:43.0880 4708  Rasl2tp - ok
13:53:43.0896 4708  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:53:43.0898 4708  RasMan - ok
13:53:43.0900 4708  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:53:43.0901 4708  RasPppoe - ok
13:53:43.0903 4708  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:53:43.0904 4708  RasSstp - ok
13:53:43.0908 4708  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:53:43.0909 4708  rdbss - ok
13:53:43.0922 4708  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:53:43.0922 4708  rdpbus - ok
13:53:43.0934 4708  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:53:43.0935 4708  RDPCDD - ok
13:53:43.0950 4708  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:53:43.0951 4708  RDPDR - ok
13:53:43.0972 4708  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:53:43.0972 4708  RDPENCDD - ok
13:53:43.0978 4708  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:53:43.0979 4708  RDPREFMP - ok
13:53:44.0027 4708  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:53:44.0027 4708  RdpVideoMiniport - ok
13:53:44.0060 4708  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:53:44.0062 4708  RDPWD - ok
13:53:44.0068 4708  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:53:44.0070 4708  rdyboost - ok
13:53:44.0102 4708  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:53:44.0104 4708  RemoteAccess - ok
13:53:44.0112 4708  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:53:44.0115 4708  RemoteRegistry - ok
13:53:44.0136 4708  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:53:44.0138 4708  RpcEptMapper - ok
13:53:44.0157 4708  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:53:44.0159 4708  RpcLocator - ok
13:53:44.0182 4708  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
13:53:44.0186 4708  RpcSs - ok
13:53:44.0190 4708  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:53:44.0191 4708  rspndr - ok
13:53:44.0267 4708  [ 6FA271B6816AFFAEF640808FC51AC8AF ] RTCore64        D:\MSI Afterburner\RTCore64.sys
13:53:44.0268 4708  RTCore64 - ok
13:53:44.0298 4708  [ C435AC77704EB16E85C9D630F4D4B4F7 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
13:53:44.0301 4708  RTHDMIAzAudService - ok
13:53:44.0315 4708  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:53:44.0316 4708  s3cap - ok
13:53:44.0319 4708  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
13:53:44.0320 4708  SamSs - ok
13:53:44.0324 4708  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:53:44.0325 4708  sbp2port - ok
13:53:44.0329 4708  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:53:44.0332 4708  SCardSvr - ok
13:53:44.0343 4708  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:53:44.0344 4708  scfilter - ok
13:53:44.0368 4708  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:53:44.0375 4708  Schedule - ok
13:53:44.0396 4708  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:53:44.0396 4708  SCPolicySvc - ok
13:53:44.0400 4708  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:53:44.0403 4708  SDRSVC - ok
13:53:44.0416 4708  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:53:44.0417 4708  secdrv - ok
13:53:44.0423 4708  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:53:44.0424 4708  seclogon - ok
13:53:44.0434 4708  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
13:53:44.0435 4708  SENS - ok
13:53:44.0437 4708  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:53:44.0439 4708  SensrSvc - ok
13:53:44.0451 4708  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:53:44.0451 4708  Serenum - ok
13:53:44.0454 4708  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:53:44.0455 4708  Serial - ok
13:53:44.0463 4708  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:53:44.0463 4708  sermouse - ok
13:53:44.0480 4708  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:53:44.0481 4708  SessionEnv - ok
13:53:44.0483 4708  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:53:44.0484 4708  sffdisk - ok
13:53:44.0485 4708  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:53:44.0486 4708  sffp_mmc - ok
13:53:44.0488 4708  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:53:44.0488 4708  sffp_sd - ok
13:53:44.0490 4708  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:53:44.0491 4708  sfloppy - ok
13:53:44.0523 4708  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:53:44.0524 4708  SharedAccess - ok
13:53:44.0543 4708  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:53:44.0547 4708  ShellHWDetection - ok
13:53:44.0552 4708  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:53:44.0553 4708  SiSRaid2 - ok
13:53:44.0557 4708  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:53:44.0558 4708  SiSRaid4 - ok
13:53:44.0561 4708  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:53:44.0562 4708  Smb - ok
13:53:44.0572 4708  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:53:44.0574 4708  SNMPTRAP - ok
13:53:44.0584 4708  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:53:44.0585 4708  spldr - ok
13:53:44.0615 4708  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
13:53:44.0621 4708  Spooler - ok
13:53:44.0674 4708  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:53:44.0687 4708  sppsvc - ok
13:53:44.0700 4708  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:53:44.0701 4708  sppuinotify - ok
13:53:44.0721 4708  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:53:44.0723 4708  srv - ok
13:53:44.0741 4708  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:53:44.0744 4708  srv2 - ok
13:53:44.0758 4708  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:53:44.0760 4708  srvnet - ok
13:53:44.0770 4708  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:53:44.0773 4708  SSDPSRV - ok
13:53:44.0780 4708  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:53:44.0782 4708  SstpSvc - ok
13:53:44.0819 4708  Steam Client Service - ok
13:53:44.0823 4708  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:53:44.0824 4708  stexstor - ok
13:53:44.0858 4708  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:53:44.0864 4708  stisvc - ok
13:53:44.0880 4708  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:53:44.0881 4708  storflt - ok
13:53:44.0906 4708  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
13:53:44.0908 4708  StorSvc - ok
13:53:44.0911 4708  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:53:44.0912 4708  storvsc - ok
13:53:44.0922 4708  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:53:44.0923 4708  swenum - ok
13:53:44.0939 4708  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
13:53:44.0944 4708  swprv - ok
13:53:44.0977 4708  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
13:53:44.0987 4708  SysMain - ok
13:53:45.0001 4708  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:53:45.0003 4708  TabletInputService - ok
13:53:45.0012 4708  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:53:45.0015 4708  TapiSrv - ok
13:53:45.0031 4708  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
13:53:45.0032 4708  TBS - ok
13:53:45.0069 4708  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:53:45.0083 4708  Tcpip - ok
13:53:45.0112 4708  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:53:45.0119 4708  TCPIP6 - ok
13:53:45.0134 4708  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:53:45.0135 4708  tcpipreg - ok
13:53:45.0141 4708  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:53:45.0142 4708  TDPIPE - ok
13:53:45.0159 4708  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:53:45.0160 4708  TDTCP - ok
13:53:45.0170 4708  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:53:45.0172 4708  tdx - ok
13:53:45.0176 4708  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:53:45.0177 4708  TermDD - ok
13:53:45.0195 4708  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
13:53:45.0201 4708  TermService - ok
13:53:45.0210 4708  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:53:45.0212 4708  Themes - ok
13:53:45.0224 4708  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
13:53:45.0225 4708  THREADORDER - ok
13:53:45.0228 4708  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:53:45.0230 4708  TrkWks - ok
13:53:45.0258 4708  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:53:45.0259 4708  TrustedInstaller - ok
13:53:45.0263 4708  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:53:45.0263 4708  tssecsrv - ok
13:53:45.0278 4708  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:53:45.0278 4708  TsUsbFlt - ok
13:53:45.0302 4708  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
13:53:45.0302 4708  TsUsbGD - ok
13:53:45.0305 4708  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:53:45.0306 4708  tunnel - ok
13:53:45.0310 4708  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:53:45.0311 4708  uagp35 - ok
13:53:45.0318 4708  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:53:45.0321 4708  udfs - ok
13:53:45.0334 4708  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:53:45.0336 4708  UI0Detect - ok
13:53:45.0352 4708  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:53:45.0352 4708  uliagpkx - ok
13:53:45.0355 4708  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:53:45.0356 4708  umbus - ok
13:53:45.0363 4708  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:53:45.0364 4708  UmPass - ok
13:53:45.0374 4708  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
13:53:45.0376 4708  UmRdpService - ok
13:53:45.0394 4708  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:53:45.0396 4708  upnphost - ok
13:53:45.0431 4708  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
13:53:45.0432 4708  USBAAPL64 - ok
13:53:45.0440 4708  usbbus - ok
13:53:45.0470 4708  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:53:45.0472 4708  usbccgp - ok
13:53:45.0476 4708  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:53:45.0478 4708  usbcir - ok
13:53:45.0481 4708  UsbDiag - ok
13:53:45.0490 4708  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
13:53:45.0491 4708  usbehci - ok
13:53:45.0507 4708  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:53:45.0510 4708  usbhub - ok
13:53:45.0513 4708  USBModem - ok
13:53:45.0524 4708  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:53:45.0524 4708  usbohci - ok
13:53:45.0535 4708  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:53:45.0536 4708  usbprint - ok
13:53:45.0574 4708  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:53:45.0575 4708  usbscan - ok
13:53:45.0586 4708  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:53:45.0588 4708  USBSTOR - ok
13:53:45.0592 4708  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:53:45.0593 4708  usbuhci - ok
13:53:45.0610 4708  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
13:53:45.0612 4708  UxSms - ok
13:53:45.0626 4708  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:53:45.0627 4708  VaultSvc - ok
13:53:45.0631 4708  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:53:45.0631 4708  vdrvroot - ok
13:53:45.0651 4708  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
13:53:45.0656 4708  vds - ok
13:53:45.0660 4708  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:53:45.0660 4708  vga - ok
13:53:45.0663 4708  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:53:45.0664 4708  VgaSave - ok
13:53:45.0668 4708  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:53:45.0670 4708  vhdmp - ok
13:53:45.0746 4708  [ 6BBD1072E94167A1C1F33CC66B0DF861 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
13:53:45.0759 4708  VIAHdAudAddService - ok
13:53:45.0761 4708  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:53:45.0762 4708  viaide - ok
13:53:45.0781 4708  [ 6B34F3220E4AE5D77BD42CEA94EB3892 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
13:53:45.0783 4708  VIAKaraokeService - ok
13:53:45.0793 4708  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:53:45.0794 4708  vmbus - ok
13:53:45.0809 4708  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:53:45.0809 4708  VMBusHID - ok
13:53:45.0812 4708  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:53:45.0812 4708  volmgr - ok
13:53:45.0816 4708  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:53:45.0818 4708  volmgrx - ok
13:53:45.0822 4708  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:53:45.0823 4708  volsnap - ok
13:53:45.0826 4708  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:53:45.0827 4708  vsmraid - ok
13:53:45.0858 4708  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
13:53:45.0864 4708  VSS - ok
13:53:45.0866 4708  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:53:45.0867 4708  vwifibus - ok
13:53:45.0882 4708  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
13:53:45.0884 4708  W32Time - ok
13:53:45.0900 4708  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:53:45.0900 4708  WacomPen - ok
13:53:45.0903 4708  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:53:45.0903 4708  WANARP - ok
13:53:45.0905 4708  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:53:45.0906 4708  Wanarpv6 - ok
13:53:45.0931 4708  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:53:45.0937 4708  wbengine - ok
13:53:45.0951 4708  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:53:45.0953 4708  WbioSrvc - ok
13:53:45.0964 4708  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:53:45.0966 4708  wcncsvc - ok
13:53:45.0977 4708  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:53:45.0978 4708  WcsPlugInService - ok
13:53:45.0980 4708  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
13:53:45.0980 4708  Wd - ok
13:53:45.0987 4708  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:53:45.0990 4708  Wdf01000 - ok
13:53:45.0999 4708  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:53:46.0001 4708  WdiServiceHost - ok
13:53:46.0002 4708  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:53:46.0004 4708  WdiSystemHost - ok
13:53:46.0007 4708  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
13:53:46.0009 4708  WebClient - ok
13:53:46.0016 4708  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:53:46.0017 4708  Wecsvc - ok
13:53:46.0026 4708  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:53:46.0027 4708  wercplsupport - ok
13:53:46.0050 4708  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:53:46.0051 4708  WerSvc - ok
13:53:46.0061 4708  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:53:46.0062 4708  WfpLwf - ok
13:53:46.0064 4708  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:53:46.0064 4708  WIMMount - ok
13:53:46.0070 4708  WinDefend - ok
13:53:46.0074 4708  WinHttpAutoProxySvc - ok
13:53:46.0104 4708  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:53:46.0105 4708  Winmgmt - ok
13:53:46.0147 4708  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
13:53:46.0156 4708  WinRM - ok
13:53:46.0194 4708  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:53:46.0198 4708  Wlansvc - ok
13:53:46.0200 4708  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:53:46.0201 4708  WmiAcpi - ok
13:53:46.0213 4708  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:53:46.0214 4708  wmiApSrv - ok
13:53:46.0227 4708  WMPNetworkSvc - ok
13:53:46.0241 4708  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:53:46.0243 4708  WPCSvc - ok
13:53:46.0258 4708  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:53:46.0261 4708  WPDBusEnum - ok
13:53:46.0264 4708  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:53:46.0265 4708  ws2ifsl - ok
13:53:46.0281 4708  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
13:53:46.0284 4708  wscsvc - ok
13:53:46.0287 4708  WSearch - ok
13:53:46.0347 4708  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:53:46.0360 4708  wuauserv - ok
13:53:46.0370 4708  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:53:46.0371 4708  WudfPf - ok
13:53:46.0389 4708  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:53:46.0390 4708  WUDFRd - ok
13:53:46.0411 4708  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:53:46.0412 4708  wudfsvc - ok
13:53:46.0425 4708  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:53:46.0426 4708  WwanSvc - ok
13:53:46.0435 4708  ================ Scan global ===============================
13:53:46.0449 4708  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:53:46.0463 4708  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:53:46.0470 4708  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:53:46.0486 4708  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:53:46.0517 4708  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:53:46.0521 4708  [Global] - ok
13:53:46.0522 4708  ================ Scan MBR ==================================
13:53:46.0553 4708  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:53:46.0704 4708  \Device\Harddisk0\DR0 - ok
13:53:46.0707 4708  [ 3DFBD33517922022AAB2367021B4BBEC ] \Device\Harddisk1\DR1
13:53:46.0709 4708  \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
13:53:46.0709 4708  \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
13:53:46.0709 4708  ================ Scan VBR ==================================
13:53:46.0711 4708  [ A75CFC6E1FDFBAEE7262F0DCA6E10EC5 ] \Device\Harddisk0\DR0\Partition1
13:53:46.0713 4708  \Device\Harddisk0\DR0\Partition1 - ok
13:53:46.0722 4708  [ A55FB4813D5CC737A1C872028EB716E1 ] \Device\Harddisk0\DR0\Partition2
13:53:46.0724 4708  \Device\Harddisk0\DR0\Partition2 - ok
13:53:46.0735 4708  [ A2475E0CC9C87A4B144A9792798CA1D1 ] \Device\Harddisk0\DR0\Partition3
13:53:46.0736 4708  \Device\Harddisk0\DR0\Partition3 - ok
13:53:46.0750 4708  [ C97506C89400F80D4344D52B42E7D8B1 ] \Device\Harddisk0\DR0\Partition4
13:53:46.0752 4708  \Device\Harddisk0\DR0\Partition4 - ok
13:53:46.0754 4708  [ AF09F3106187641F5EF1D63EA1EB6518 ] \Device\Harddisk1\DR1\Partition1
13:53:46.0755 4708  \Device\Harddisk1\DR1\Partition1 - ok
13:53:46.0756 4708  ============================================================
13:53:46.0756 4708  Scan finished
13:53:46.0756 4708  ============================================================
13:53:46.0762 2716  Detected object count: 1
13:53:46.0762 2716  Actual detected object count: 1
13:54:09.0937 2716  \Device\Harddisk1\DR1\# - copied to quarantine
13:54:09.0937 2716  \Device\Harddisk1\DR1 - copied to quarantine
13:54:09.0938 2716  \Device\Harddisk1\DR1 - processing error
13:54:53.0119 2716  \Device\Harddisk1\DR1 - restored
13:54:53.0119 2716  \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Cure Restore 
13:55:02.0594 4652  Deinitialize success
         
ComboFix:

Code:
ComboFix 13-04-08.04 - Manu 09.04.2013  14:33:34.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8150.6162 [GMT 2:00]
ausgeführt von:: c:\users\Manu\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-09 bis 2013-04-09  ))))))))))))))))))))))))))))))
.
.
2013-04-09 12:36 . 2013-04-09 12:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-09 11:54 . 2013-04-09 11:54	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-04-09 11:26 . 2013-03-19 03:50	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2E800CF-CC09-4268-9786-7EB8807801CC}\mpengine.dll
2013-04-07 22:12 . 2013-04-07 22:12	--------	d-----w-	c:\program files\Microsoft Sync Framework
2013-04-03 01:41 . 2013-04-03 01:41	--------	d-----w-	c:\program files (x86)\AMD
2013-04-02 23:14 . 2013-04-03 10:38	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2013-04-01 13:37 . 2013-04-01 13:37	--------	d-----w-	c:\programdata\Trymedia
2013-04-01 13:30 . 2005-07-22 17:59	3807440	----a-w-	c:\windows\system32\d3dx9_27.dll
2013-04-01 11:47 . 2013-04-01 11:47	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2013-04-01 02:16 . 2013-04-01 02:16	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2013-04-01 02:16 . 2013-04-01 02:16	--------	d-----w-	c:\windows\PCHEALTH
2013-04-01 02:16 . 2013-04-01 02:16	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-04-01 02:14 . 2013-04-01 02:14	--------	d-----w-	c:\program files\Microsoft Office
2013-04-01 02:14 . 2013-04-01 02:14	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2013-04-01 02:13 . 2013-04-01 12:11	--------	d-----w-	c:\programdata\Microsoft Help
2013-03-31 23:37 . 2013-03-31 23:37	--------	d-----w-	c:\programdata\ATI
2013-03-31 23:37 . 2013-03-31 23:37	--------	d-----w-	c:\programdata\AMD
2013-03-31 23:37 . 2013-03-31 23:37	--------	d-----w-	c:\program files (x86)\AMD AVT
2013-03-31 23:37 . 2013-03-31 23:37	--------	d-----w-	c:\program files (x86)\AMD APP
2013-03-31 23:37 . 2013-03-31 23:37	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2013-03-31 23:37 . 2013-03-31 23:37	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2013-03-31 23:36 . 2013-03-31 23:36	--------	d-----w-	c:\program files (x86)\ATI Technologies
2013-03-31 23:29 . 2013-03-31 23:29	--------	d-----w-	c:\program files\ATI
2013-03-31 23:10 . 2013-03-31 23:10	--------	dc----w-	c:\windows\system32\DRVSTORE
2013-03-31 23:10 . 2012-08-21 11:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-03-31 23:10 . 2013-03-31 23:10	--------	d-----w-	c:\program files\iTunes
2013-03-31 23:10 . 2013-03-31 23:10	--------	d-----w-	c:\programdata\Apple Computer
2013-03-31 23:10 . 2013-03-31 23:10	--------	d-----w-	c:\program files\iPod
2013-03-31 23:09 . 2013-03-31 23:09	--------	d-----w-	c:\program files (x86)\Apple Software Update
2013-03-31 23:09 . 2013-03-31 23:09	--------	d-----w-	c:\program files\Common Files\Apple
2013-03-31 23:09 . 2013-03-31 23:09	--------	d-----w-	c:\program files\Bonjour
2013-03-31 23:09 . 2013-03-31 23:09	--------	d-----w-	c:\program files (x86)\Bonjour
2013-03-31 23:09 . 2013-03-31 23:10	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2013-03-31 23:09 . 2013-03-31 23:09	--------	d-----w-	c:\programdata\Apple
2013-03-31 22:30 . 2013-03-31 22:30	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-31 22:30 . 2013-03-31 22:31	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2013-03-31 17:58 . 2008-07-31 08:41	68616	----a-w-	c:\windows\SysWow64\XAPOFX1_1.dll
2013-03-31 17:58 . 2008-07-31 08:40	509448	----a-w-	c:\windows\SysWow64\XAudio2_2.dll
2013-03-31 17:58 . 2008-07-12 06:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2013-03-31 17:58 . 2008-07-12 06:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2013-03-31 17:58 . 2008-07-12 06:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2013-03-31 15:44 . 2013-04-08 22:36	--------	d-----w-	c:\programdata\PMB Files
2013-03-31 15:44 . 2013-03-31 15:44	--------	d-----w-	c:\program files (x86)\Pando Networks
2013-03-31 14:49 . 2013-03-31 14:49	--------	d-----w-	c:\program files\Logitech Gaming Software
2013-03-31 14:47 . 2013-03-31 14:47	--------	d-----w-	c:\program files\Realtek
2013-03-31 14:12 . 2012-12-04 13:21	791608	----a-w-	c:\windows\system32\drivers\iusb3xhc.sys
2013-03-31 14:12 . 2012-12-04 13:21	20024	----a-w-	c:\windows\system32\drivers\iusb3hcs.sys
2013-03-31 14:12 . 2012-12-04 13:21	358456	----a-w-	c:\windows\system32\drivers\iusb3hub.sys
2013-03-31 14:11 . 2013-03-31 14:11	--------	d-----w-	c:\program files (x86)\Realtek
2013-03-31 14:11 . 2013-03-31 14:47	--------	d--h--w-	c:\program files (x86)\Temp
2013-03-31 14:11 . 2012-05-25 16:06	1706640	----a-w-	c:\windows\RtlExUpd.dll
2013-03-31 12:29 . 2013-03-31 13:36	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-03-31 12:29 . 2013-03-31 13:36	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-03-31 11:54 . 2013-03-31 11:54	--------	d-----w-	c:\program files (x86)\Canon
2013-03-31 01:38 . 2013-03-31 01:38	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-31 01:38 . 2013-03-31 01:38	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-31 01:37 . 2013-03-31 01:37	--------	d-----w-	c:\windows\system32\appmgmt
2013-03-31 01:24 . 2013-03-31 01:24	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2013-03-31 00:54 . 2011-05-10 12:37	655872	----a-w-	c:\windows\SysWow64\msvcr90.dll
2013-03-31 00:54 . 2011-05-10 12:37	568832	----a-w-	c:\windows\SysWow64\msvcp90.dll
2013-03-31 00:54 . 2011-05-10 12:37	224768	----a-w-	c:\windows\SysWow64\msvcm90.dll
2013-03-31 00:54 . 2006-05-04 07:33	53248	----a-w-	c:\windows\SysWow64\CommonDL.dll
2013-03-31 00:54 . 2005-11-24 01:34	82432	----a-w-	c:\windows\SysWow64\msxml4r.dll
2013-03-31 00:54 . 2005-10-04 00:39	44544	----a-w-	c:\windows\SysWow64\msxml4a.dll
2013-03-31 00:38 . 2013-03-31 00:38	--------	d-----w-	c:\programdata\LogiShrd
2013-03-31 00:38 . 2013-03-31 14:49	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2013-03-31 00:32 . 2013-03-31 02:56	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-31 00:32 . 2013-03-31 02:56	310688	----a-w-	c:\windows\system32\javaws.exe
2013-03-31 00:32 . 2013-03-31 02:56	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-31 00:32 . 2013-03-31 02:56	188832	----a-w-	c:\windows\system32\javaw.exe
2013-03-31 00:32 . 2013-03-31 02:56	188320	----a-w-	c:\windows\system32\java.exe
2013-03-31 00:32 . 2013-03-31 02:56	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-31 00:21 . 2013-03-31 00:21	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-03-31 00:21 . 2013-03-31 00:21	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-31 00:21 . 2013-03-31 00:21	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-31 00:21 . 2013-03-31 00:21	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-30 23:58 . 2013-03-30 23:58	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2013-03-30 23:55 . 2013-03-30 23:55	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-03-30 23:52 . 2013-03-30 23:52	--------	d-----w-	c:\windows\SysWow64\Adobe
2013-03-30 23:48 . 2012-06-17 20:18	1202688	----a-w-	c:\windows\system32\ac3filter64.acm
2013-03-30 23:48 . 2012-06-17 20:10	965120	----a-w-	c:\windows\SysWow64\ac3filter.acm
2013-03-30 22:30 . 2013-03-30 22:30	--------	d--h--w-	c:\windows\system32\CanonIJ Uninstaller Information
2013-03-30 22:30 . 2013-03-30 22:30	--------	d--h--w-	c:\programdata\CanonBJ
2013-03-30 22:30 . 2012-03-14 04:00	99840	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPPAD.DLL
2013-03-30 22:30 . 2012-03-14 04:00	30208	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPDAD.DLL
2013-03-30 22:30 . 2012-03-14 04:00	385024	----a-w-	c:\windows\system32\CNMLMAD.DLL
2013-03-30 22:30 . 2010-03-18 18:25	307200	----a-w-	c:\windows\SysWow64\CNC5100L.dll
2013-03-30 22:30 . 2010-03-18 16:11	106496	----a-w-	c:\windows\SysWow64\CNC5100U.dll
2013-03-30 22:30 . 2008-08-25 17:02	15872	----a-w-	c:\windows\SysWow64\CNHMCA.dll
2013-03-30 22:30 . 2010-03-18 18:26	348672	----a-w-	c:\windows\system32\CNC5100L.dll
2013-03-30 22:30 . 2010-03-18 16:13	1354240	----a-w-	c:\windows\system32\CNC5100C.dll
2013-03-30 22:30 . 2010-03-18 16:13	112128	----a-w-	c:\windows\system32\CNC5100I.dll
2013-03-30 22:30 . 2008-08-25 17:02	17920	----a-w-	c:\windows\system32\CNHMCA6.dll
2013-03-30 22:26 . 2013-03-30 22:26	--------	d-----w-	c:\windows\SysWow64\Macromed
2013-03-30 22:26 . 2013-03-30 22:26	--------	d-----w-	c:\windows\system32\Macromed
2013-03-30 22:17 . 2013-03-31 00:35	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-03-30 20:45 . 2012-12-21 16:20	2468520	----a-w-	c:\windows\SysWow64\BootMan.exe
2013-03-30 20:45 . 2012-12-21 12:54	14920	----a-w-	c:\windows\SysWow64\epmntdrv.sys
2013-03-30 20:45 . 2012-12-21 12:53	9800	----a-w-	c:\windows\system32\EuGdiDrv.sys
2013-03-30 20:45 . 2012-12-21 12:53	9160	----a-w-	c:\windows\SysWow64\EuGdiDrv.sys
2013-03-30 20:45 . 2012-12-21 12:53	87112	----a-w-	c:\windows\SysWow64\setupempdrv03.exe
2013-03-30 20:45 . 2012-12-21 12:53	17480	----a-w-	c:\windows\system32\epmntdrv.sys
2013-03-30 20:45 . 2012-12-21 12:53	100936	----a-w-	c:\windows\system32\setupempdrvx64.exe
2013-03-30 20:45 . 2012-12-20 13:46	3376640	----a-w-	c:\windows\system32\BootMan.exe
2013-03-30 20:45 . 2012-05-15 10:13	3316736	----a-w-	c:\windows\system32\¸´¼þ BootMan.exe
2013-03-30 20:45 . 2011-07-29 12:54	19840	----a-w-	c:\windows\SysWow64\EuEpmGdi.dll
2013-03-30 20:45 . 2011-07-29 12:54	16256	----a-w-	c:\windows\system32\EuEpmGdi.dll
2013-03-30 20:45 . 2013-03-30 20:45	--------	d-----w-	c:\program files (x86)\EaseUS Partition Master 9.2.1 Home Edition
2013-03-30 20:18 . 2013-03-30 20:18	0	----a-w-	c:\windows\ativpsrm.bin
2013-03-30 19:52 . 2013-04-01 02:16	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2013-03-30 19:42 . 2012-12-07 13:20	441856	----a-w-	c:\windows\system32\Wpc.dll
2013-03-30 19:41 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2013-03-30 19:23 . 2013-03-30 19:23	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2013-03-30 19:23 . 2013-03-30 19:23	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-03-30 19:20 . 2013-03-04 13:53	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-30 19:04 . 2013-03-30 19:04	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-30 19:01 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-03-30 18:58 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-03-30 18:58 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-03-30 18:58 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-03-30 18:58 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-03-30 18:58 . 2010-09-30 10:41	100864	----a-w-	c:\windows\system32\fontsub.dll
2013-03-30 18:58 . 2010-09-30 06:47	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2013-03-30 18:58 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-03-30 18:58 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-11 23:10 . 2010-11-21 03:27	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-02-12 05:45 . 2013-03-30 19:41	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-30 19:41	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-30 19:41	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-30 19:41	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-30 19:41	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-30 19:41	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-23 20:57 . 2013-02-20 15:48	64624	----a-w-	c:\windows\system32\drivers\HECIx64.sys
2013-01-17 20:15 . 2013-01-17 20:15	66800	----a-w-	c:\windows\system32\drivers\LGSHidFilt.Sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-02-26 5671984]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-04 291648]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-30 345312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
c:\users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Manu\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-5 25863280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - d:\lolreplay\LOLRecorder.exe [2013-2-14 523264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 atillk64;atillk64;c:\program files (x86)\GIGABYTE\atBIOS\AtiTool\atillk64.sys [2006-07-19 14608]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-21 17480]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2013-04-07 25640]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-21 9800]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-04-07 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-12-04 20024]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-30 28600]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-31 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-30 86752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-05-10 165144]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-12-11 27768]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-02-03 59520]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-02-03 84736]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-12-04 358456]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-12-04 791608]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2013-03-04 127568]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2013-01-17 66800]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 RTCore64;RTCore64;d:\msi afterburner\RTCore64.sys [2013-01-23 13368]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2013-02-22 2210376]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-31 01:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-02-26 5671984]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-02-28 7468784]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - d:\micros~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{B8AE74B7-2DF4-47A9-824E-79235F413517}: NameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2737083 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2742613 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2789648 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{B25F10DE-DC95-CF99-D737-E399FFD0E213} - c:\progra~3\INSTAL~1\{5E8A8~1\Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-09  14:38:05
ComboFix-quarantined-files.txt  2013-04-09 12:38
.
Vor Suchlauf: 7 Verzeichnis(se), 25.103.355.904 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 24.552.939.520 Bytes frei
.
- - End Of File - - 0290552699F5592DC1CCA312DF05CB5F
         

09.04.2013, 13:52   #8
Manu39

BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''



And here is the OTL log as well:

Code:
OTL logfile created on: 09.04.2013 14:40:06 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Manu\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,96 Gb Available Physical Memory | 74,82% Memory free
15,92 Gb Paging File | 13,66 Gb Available in Paging File | 85,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,58 Gb Total Space | 22,95 Gb Free Space | 39,18% Space Free | Partition Type: NTFS
Drive D: | 200,01 Gb Total Space | 175,03 Gb Free Space | 87,51% Space Free | Partition Type: NTFS
Drive E: | 672,83 Gb Total Space | 386,67 Gb Free Space | 57,47% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 1862,87 Gb Free Space | 99,99% Space Free | Partition Type: NTFS
 
Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.08 20:51:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe
PRC - [2013.04.03 12:54:59 | 000,920,472 | ---- | M] (Mozilla Corporation) -- D:\Mozilla Firefox\firefox.exe
PRC - [2013.03.30 19:55:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.30 19:54:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.30 19:54:31 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.14 08:05:44 | 000,523,264 | ---- | M] (LOL Replay) -- D:\LOLReplay\LOLRecorder.exe
PRC - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTSS.exe
PRC - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- D:\MSI Afterburner\MSIAfterburner.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.04 15:22:01 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.05.10 16:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.02.01 17:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.03 12:54:59 | 003,143,576 | ---- | M] () -- D:\Mozilla Firefox\mozjs.dll
MOD - [2013.03.31 03:14:00 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.03.31 00:01:45 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.03.30 23:47:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.03.30 23:46:26 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.03.30 23:44:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1c402ca365b68a2616ea3a5194d38310\IAStorCommon.ni.dll
MOD - [2013.03.30 23:43:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.03.30 23:43:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.03.30 23:43:53 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll
MOD - [2013.03.30 23:43:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.03.30 23:43:45 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.03.30 23:43:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.03.30 23:43:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.03.30 23:43:14 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.03.30 23:43:05 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.02.14 08:05:36 | 000,311,808 | ---- | M] () -- D:\LOLReplay\LOLUtils.dll
MOD - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTSS.exe
MOD - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- D:\MSI Afterburner\MSIAfterburner.exe
MOD - [2013.01.16 18:01:08 | 000,069,632 | ---- | M] () -- D:\MSI Afterburner\RTMUI.dll
MOD - [2013.01.16 18:01:06 | 000,348,160 | ---- | M] () -- D:\MSI Afterburner\RTHAL.dll
MOD - [2013.01.16 18:01:00 | 000,229,376 | ---- | M] () -- D:\MSI Afterburner\RTCore.dll
MOD - [2013.01.16 18:00:58 | 000,143,360 | ---- | M] () -- D:\MSI Afterburner\RTUI.dll
MOD - [2013.01.16 18:00:56 | 000,061,440 | ---- | M] () -- D:\MSI Afterburner\RTFC.dll
MOD - [2012.11.30 12:48:46 | 000,061,440 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTMUI.dll
MOD - [2012.11.30 12:45:56 | 000,122,880 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2012.11.30 12:26:54 | 000,147,456 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTUI.dll
MOD - [2012.11.30 12:24:00 | 000,061,440 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTFC.dll
MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- D:\MSI Afterburner\RTTSH.dll
MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTTSH.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.11 08:59:08 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.31 03:38:37 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.30 19:55:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.30 19:54:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.23 22:57:38 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.05.10 16:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.04.20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.08.30 16:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.01 00:30:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.03.30 19:55:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.30 19:55:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.30 19:55:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.03.04 08:42:06 | 000,127,568 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2013.02.22 08:44:18 | 002,210,376 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2013.01.23 22:57:32 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.01.17 22:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.12.21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2012.12.21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.04 15:21:10 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.12.04 15:21:10 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.12.04 15:21:09 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.06.05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.03 20:23:56 | 000,084,736 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.02.03 20:23:56 | 000,059,520 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.02.01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.02 11:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.04.07 20:57:03 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013.04.07 20:52:54 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2013.04.07 20:52:46 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2013.01.23 08:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Running] -- D:\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012.12.21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2012.12.21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.19 13:04:00 | 000,014,608 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\atBIOS\AtiTool\atillk64.sys -- (atillk64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 7A 8B 35 6E 2D CE 01  [binary data]
IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: D:\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: B:\java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: B:\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: B:\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: B:\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: B:\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: D:\Mozilla Firefox\components [2013.04.03 12:54:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: D:\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: D:\Mozilla Thunderbird\components [2013.03.31 01:24:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: D:\Mozilla Thunderbird\plugins
 
[2013.03.31 00:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Extensions
[2013.03.31 17:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\qu7f4cso.default\extensions
[2013.03.31 17:35:05 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\qu7f4cso.default\extensions\foxyproxy@eric.h.jung
[2013.03.31 01:01:03 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qu7f4cso.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - Startup: C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Manu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8AE74B7-2DF4-47A9-824E-79235F413517}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.09 14:38:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.09 14:33:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.09 14:33:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.09 14:33:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.09 14:32:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.09 14:32:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.09 14:30:36 | 005,049,517 | R--- | C] (Swearware) -- C:\Users\Manu\Desktop\ComboFix.exe
[2013.04.09 13:54:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.04.09 13:20:14 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Manu\Desktop\tdsskiller.exe
[2013.04.08 20:51:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe
[2013.04.08 00:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013.04.07 23:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.04.07 23:48:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\TeamViewer
[2013.04.07 22:28:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.04.07 22:28:51 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2013.04.05 19:30:32 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.05 18:49:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\Documents\LOLReplay
[2013.04.03 03:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2013.04.03 01:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.04.01 15:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2013.04.01 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2013.04.01 15:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FEAR
[2013.04.01 15:00:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.01 14:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.01 14:28:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Wars Republic Commando
[2013.04.01 14:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars Republic Commando
[2013.04.01 13:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.04.01 04:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.04.01 04:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013.04.01 04:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.04.01 04:16:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.04.01 04:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.04.01 04:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.04.01 04:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.04.01 04:13:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Microsoft Help
[2013.04.01 04:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.04.01 01:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.01 01:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.04.01 01:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.04.01 01:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.04.01 01:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.04.01 01:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.04.01 01:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.01 01:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.04.01 01:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.04.01 01:10:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Apple Computer
[2013.04.01 01:10:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Apple Computer
[2013.04.01 01:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.04.01 01:10:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.04.01 01:09:49 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Apple
[2013.04.01 01:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.04.01 01:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.04.01 01:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.04.01 01:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.04.01 01:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.04.01 01:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.04.01 00:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.04.01 00:30:59 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.01 00:30:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\DAEMON Tools Lite
[2013.04.01 00:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.04.01 00:29:05 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Canneverbe Limited
[2013.04.01 00:13:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013.04.01 00:13:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ICQM
[2013.04.01 00:13:25 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ICQ-Profile
[2013.04.01 00:12:48 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.04.01 00:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.04.01 00:12:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Notepad++
[2013.03.31 21:32:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\LolClient
[2013.03.31 20:00:42 | 000,000,000 | R--D | C] -- C:\Users\Manu\Desktop\Games
[2013.03.31 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\PMB Files
[2013.03.31 17:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.03.31 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.03.31 16:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.03.31 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013.03.31 16:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
[2013.03.31 16:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2013.03.31 16:48:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013.03.31 16:48:37 | 009,208,088 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVIA64.dll
[2013.03.31 16:48:37 | 000,908,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.03.31 16:48:37 | 000,394,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.03.31 16:48:37 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2013.03.31 16:48:36 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64H.dll
[2013.03.31 16:48:36 | 002,099,480 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.03.31 16:48:36 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64H.dll
[2013.03.31 16:48:36 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll
[2013.03.31 16:48:36 | 000,248,952 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2013.03.31 16:48:36 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64H.dll
[2013.03.31 16:48:36 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll
[2013.03.31 16:48:36 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64H.dll
[2013.03.31 16:48:36 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll
[2013.03.31 16:48:36 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64H.dll
[2013.03.31 16:48:36 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll
[2013.03.31 16:48:36 | 000,070,776 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\VtSrdAPO.dll
[2013.03.31 16:48:36 | 000,055,416 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\PropPageExt.dll
[2013.03.31 16:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.03.31 16:46:54 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2013.03.31 16:46:54 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2013.03.31 16:46:54 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2013.03.31 16:46:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2013.03.31 16:46:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2013.03.31 16:46:54 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2013.03.31 16:46:54 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2013.03.31 16:46:54 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2013.03.31 16:46:54 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2013.03.31 16:46:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2013.03.31 16:46:54 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2013.03.31 16:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.03.31 16:11:13 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.03.31 14:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.31 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.31 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.31 14:23:40 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\WindowsUpdate
[2013.03.31 14:08:13 | 000,000,000 | R--D | C] -- C:\Users\Manu\Dropbox
[2013.03.31 14:05:43 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.03.31 14:05:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Dropbox
[2013.03.31 13:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.03.31 13:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.03.31 04:14:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.03.31 04:09:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\vlc
[2013.03.31 04:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.03.31 04:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\WinRAR
[2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.31 03:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2013.03.31 03:37:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.03.31 03:24:17 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\LG Electronics
[2013.03.31 03:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.03.31 02:38:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Logitech
[2013.03.31 02:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.03.31 02:38:44 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Leadertech
[2013.03.31 02:37:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Logitech
[2013.03.31 02:37:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Logishrd
[2013.03.31 02:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.31 02:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.31 01:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.03.31 01:57:52 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Adobe
[2013.03.31 01:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.03.31 01:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.03.31 01:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.03.31 01:52:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.03.31 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Thunderbird
[2013.03.31 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Thunderbird
[2013.03.31 00:30:42 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013.03.31 00:30:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.03.31 00:28:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Macromedia
[2013.03.31 00:28:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Macromedia
[2013.03.31 00:26:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.03.31 00:26:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.03.31 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Mozilla
[2013.03.31 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Mozilla
[2013.03.31 00:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.31 00:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.03.31 00:07:13 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\VS Revo Group
[2013.03.30 22:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.2.1 Home Edition
[2013.03.30 22:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS Partition Master 9.2.1 Home Edition
[2013.03.30 22:24:17 | 000,000,000 | ---D | C] -- C:\Users\Manu\Documents\temp
[2013.03.30 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ATI
[2013.03.30 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\ATI
[2013.03.30 21:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.03.30 21:51:19 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2013.03.30 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Adobe
[2013.03.30 20:00:49 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Avira
[2013.03.30 19:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.30 19:57:56 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.30 19:57:56 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.30 19:57:56 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.30 19:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.30 19:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.30 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Diagnostics
[2013.03.30 19:29:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Programs
[2013.03.30 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Google
[2013.03.30 18:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.03.30 18:16:05 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Intel Corporation
[2013.03.30 18:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2013.03.30 18:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2013.03.30 18:02:06 | 000,084,736 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronXHCI.sys
[2013.03.30 18:02:06 | 000,059,520 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronHub3.sys
[2013.03.30 18:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology
[2013.03.30 18:00:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.03.30 18:00:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2013.03.30 17:59:34 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2013.03.30 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2013.03.30 17:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.03.30 17:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.03.30 17:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.03.30 17:58:44 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.03.30 17:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.03.30 17:58:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.03.30 17:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.03.30 17:58:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\InstallShield
[2013.03.30 17:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013.03.30 17:56:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.03.30 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Google
[2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\Searches
[2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.30 17:48:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Identities
[2013.03.30 17:48:24 | 000,000,000 | R--D | C] -- C:\Users\Manu\Contacts
[2013.03.30 17:48:23 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\VirtualStore
[2013.03.30 17:48:18 | 000,000,000 | --SD | C] -- C:\Users\Manu\AppData\Roaming\Microsoft
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Videos
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Saved Games
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Pictures
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Music
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Links
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Favorites
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Downloads
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Documents
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Desktop
[2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Vorlagen
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Verlauf
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Temporary Internet Files
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Startmenü
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\SendTo
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Recent
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Netzwerkumgebung
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Lokale Einstellungen
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Videos
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Musik
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Eigene Dateien
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Bilder
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Druckumgebung
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Cookies
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Anwendungsdaten
[2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Anwendungsdaten
[2013.03.30 17:48:18 | 000,000,000 | -H-D | C] -- C:\Users\Manu\AppData
[2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Temp
[2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Microsoft
[2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Media Center Programs
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.30 17:48:15 | 000,000,000 | ---D | C] -- C:\Recovery
[2013.03.30 17:48:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.03.30 17:40:13 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.03.30 17:39:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.03.30 17:39:21 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.03.27 17:38:06 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll
[2013.03.13 05:35:44 | 000,127,568 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.09 14:33:25 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 14:33:25 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 14:31:08 | 005,049,517 | R--- | M] (Swearware) -- C:\Users\Manu\Desktop\ComboFix.exe
[2013.04.09 14:30:19 | 001,618,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.09 14:30:19 | 000,698,912 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.09 14:30:19 | 000,653,750 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.09 14:30:19 | 000,149,052 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.09 14:30:19 | 000,121,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.09 14:26:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.09 14:25:49 | 2114,703,359 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.09 14:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.09 13:20:19 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Manu\Desktop\tdsskiller.exe
[2013.04.09 13:09:13 | 000,341,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.08 20:59:22 | 000,377,856 | ---- | M] () -- C:\Users\Manu\Desktop\gmer_2.1.19163.exe
[2013.04.08 20:51:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe
[2013.04.08 20:12:15 | 000,050,477 | ---- | M] () -- C:\Users\Manu\Desktop\Defogger.exe
[2013.04.08 01:31:05 | 000,000,614 | ---- | M] () -- C:\Users\Manu\Desktop\VLC media player.lnk
[2013.04.07 23:49:21 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.04.07 22:28:51 | 000,000,606 | ---- | M] () -- C:\Users\Manu\Desktop\MSI Afterburner.lnk
[2013.04.07 20:52:46 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013.04.07 20:52:28 | 000,002,725 | ---- | M] () -- C:\Users\Manu\Desktop\EasyTune 6.lnk
[2013.04.07 20:29:53 | 000,001,055 | ---- | M] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.05 18:49:37 | 000,000,685 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2013.04.01 01:37:44 | 000,002,128 | ---- | M] () -- C:\Users\Manu\Desktop\Catalyst Control Center.lnk
[2013.04.01 01:10:21 | 000,001,449 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.01 00:32:56 | 000,000,355 | ---- | M] () -- C:\Users\Manu\Desktop\Computer.lnk
[2013.04.01 00:31:28 | 000,000,654 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.04.01 00:30:59 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.01 00:29:02 | 000,000,667 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.04.01 00:13:48 | 000,001,806 | ---- | M] () -- C:\Users\Manu\Desktop\ICQ.lnk
[2013.03.31 14:04:44 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.31 13:54:20 | 000,002,130 | ---- | M] () -- C:\Users\Manu\Desktop\MP Navigator EX 4.0.lnk
[2013.03.31 05:04:40 | 000,001,133 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2013.03.31 04:48:52 | 000,000,675 | ---- | M] () -- C:\Users\Manu\Desktop\eclipse.lnk
[2013.03.31 04:04:39 | 000,000,882 | ---- | M] () -- C:\Users\Manu\Desktop\CCleaner.lnk
[2013.03.31 02:54:36 | 000,002,411 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013.03.31 01:15:21 | 000,005,766 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.03.30 22:18:59 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.03.30 21:21:29 | 000,001,290 | ---- | M] () -- C:\Users\Manu\Desktop\dfrgui.lnk
[2013.03.30 21:20:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.30 21:07:19 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.30 21:07:19 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.30 19:57:58 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.30 19:55:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.30 19:55:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.30 19:55:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.30 18:00:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.03.30 17:58:09 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2013.03.30 17:42:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.03.30 17:42:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.09 14:33:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.09 14:33:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.09 14:33:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.09 14:33:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.09 14:33:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.09 13:09:03 | 000,341,480 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.08 20:59:21 | 000,377,856 | ---- | C] () -- C:\Users\Manu\Desktop\gmer_2.1.19163.exe
[2013.04.08 20:12:13 | 000,050,477 | ---- | C] () -- C:\Users\Manu\Desktop\Defogger.exe
[2013.04.08 14:45:30 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1(x64).lnk
[2013.04.08 01:31:05 | 000,000,614 | ---- | C] () -- C:\Users\Manu\Desktop\VLC media player.lnk
[2013.04.07 23:49:21 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.04.07 22:28:51 | 000,000,606 | ---- | C] () -- C:\Users\Manu\Desktop\MSI Afterburner.lnk
[2013.04.07 20:52:28 | 000,002,725 | ---- | C] () -- C:\Users\Manu\Desktop\EasyTune 6.lnk
[2013.04.05 18:49:37 | 000,000,685 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2013.04.01 01:37:44 | 000,002,128 | ---- | C] () -- C:\Users\Manu\Desktop\Catalyst Control Center.lnk
[2013.04.01 01:10:21 | 000,001,449 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.01 01:09:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.04.01 00:32:56 | 000,000,355 | ---- | C] () -- C:\Users\Manu\Desktop\Computer.lnk
[2013.04.01 00:31:28 | 000,000,654 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.04.01 00:29:02 | 000,000,667 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.04.01 00:29:02 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013.04.01 00:13:48 | 000,001,806 | ---- | C] () -- C:\Users\Manu\Desktop\ICQ.lnk
[2013.03.31 14:05:50 | 000,001,055 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.31 13:54:20 | 000,002,130 | ---- | C] () -- C:\Users\Manu\Desktop\MP Navigator EX 4.0.lnk
[2013.03.31 04:48:52 | 000,000,675 | ---- | C] () -- C:\Users\Manu\Desktop\eclipse.lnk
[2013.03.31 04:04:39 | 000,000,882 | ---- | C] () -- C:\Users\Manu\Desktop\CCleaner.lnk
[2013.03.31 03:38:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.31 03:19:55 | 000,000,988 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.03.31 02:54:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013.03.31 02:54:22 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013.03.31 02:13:42 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.31 01:55:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.31 01:48:42 | 001,202,688 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2013.03.31 01:48:42 | 000,965,120 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2013.03.31 01:24:03 | 000,000,776 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.03.31 01:12:27 | 000,005,766 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.03.31 00:30:25 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1748D.TBL
[2013.03.31 00:30:25 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1748D.TBL
[2013.03.31 00:17:16 | 000,000,681 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.30 22:56:21 | 000,001,133 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2013.03.30 22:45:52 | 003,376,640 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2013.03.30 22:45:52 | 003,316,736 | ---- | C] () -- C:\Windows\SysNative\¸´¼þ BootMan.exe
[2013.03.30 22:45:52 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013.03.30 22:45:52 | 000,100,936 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2013.03.30 22:45:52 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013.03.30 22:45:52 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013.03.30 22:45:52 | 000,017,480 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2013.03.30 22:45:52 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2013.03.30 22:45:52 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013.03.30 22:45:52 | 000,009,800 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2013.03.30 22:45:52 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013.03.30 22:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.03.30 21:43:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.03.30 21:43:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.03.30 21:21:29 | 000,001,290 | ---- | C] () -- C:\Users\Manu\Desktop\dfrgui.lnk
[2013.03.30 21:20:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.30 21:07:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.30 21:07:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.30 19:57:58 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.30 18:14:02 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013.03.30 18:02:20 | 000,031,272 | ---- | C] () -- C:\Windows\SysNative\AppleChargerSrv.exe
[2013.03.30 18:02:20 | 000,021,616 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys
[2013.03.30 18:00:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.03.30 17:59:11 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.03.30 17:54:46 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013.03.30 17:49:08 | 000,001,413 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.30 17:42:10 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.03.30 17:41:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.03.30 17:39:43 | 2114,703,359 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.01 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Canneverbe Limited
[2013.04.01 17:02:52 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\DAEMON Tools Lite
[2013.04.09 14:26:58 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Dropbox
[2013.04.01 16:13:19 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\ICQ-Profile
[2013.04.01 00:15:00 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\ICQM
[2013.03.31 02:38:44 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Leadertech
[2013.03.31 21:32:26 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\LolClient
[2013.04.01 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Notepad++
[2013.04.07 23:48:26 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\TeamViewer
[2013.03.31 01:24:09 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
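
An added example, not part of the post above and not OTL's own code: a small Python parser for the `ZeroAccess Check` section of an OTL log like the one above. It flags an `InProcServer32` default value that is registered under HKEY_CURRENT_USER, points outside the Windows system directory, or is not attributed to Microsoft Corporation. These three rules are assumptions chosen for illustration, and the last two sample entries are constructed.

```python
import re

# Constructed sample in the layout of OTL's "ZeroAccess Check" section.
# The first three keys mirror clean entries; the last two are constructed
# to show what a suspicious registration would look like to the checker.
SAMPLE = r'''
========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\Example\AppData\Local\constructed\payload.dll -- [2013.01.01 00:00:00 | 000,000,000 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\ProgramData\constructed\wbemess.dll -- [2013.01.01 00:00:00 | 000,000,000 | ---- | M] ()

========== LOP Check ==========
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+\\InProcServer32)\](?:\s*/64)?\s*$', re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
# '<path> -- [date | size | attributes | M] (company)'
FILEINFO_RE = re.compile(
    r'^(?P<path>.*?)\s+--\s+\[[^\]]*\]\s*\((?P<company>[^)]*)\)\s*$')
SYSTEM_DIR_RE = re.compile(
    r'^(?:%systemroot%|[a-z]:\\windows)\\(?:system32|sysnative|syswow64)\\',
    re.I)


def parse_zeroaccess_section(log_text):
    """Return {registry key: {value name: data}} for the ZeroAccess Check section."""
    entries, current, in_section = {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('=========='):
            # Section headers switch the parser on and off.
            in_section = 'ZeroAccess Check' in line
            current = None
            continue
        if not in_section or not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = entries.setdefault(key.group(1), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[value.group('name')] = value.group('data')
    return entries


def review(entries):
    """Apply the three illustrative rules; return (key, path, reason) tuples."""
    findings = []
    for key, values in entries.items():
        if '' not in values:
            continue  # no default value listed: nothing is registered here
        info = FILEINFO_RE.match(values[''])
        path = info.group('path') if info else values['']
        company = info.group('company') if info else ''
        if key.upper().startswith('HKEY_CURRENT_USER'):
            findings.append((key, path, 'per-user override of a system COM class'))
        elif not SYSTEM_DIR_RE.match(path):
            findings.append((key, path, 'server DLL outside the Windows system directory'))
        elif company != 'Microsoft Corporation':
            # Company name as printed in the log; a heuristic, not proof.
            findings.append((key, path, 'file is not attributed to Microsoft Corporation'))
    return findings


if __name__ == '__main__':
    for key, path, reason in review(parse_zeroaccess_section(SAMPLE)):
        print(f'{reason}\n  {key}\n  -> {path}')
```
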
         

09.04.2013, 14:01   #9
aharonov
/// TB trainer
 

Great.
How is the computer running now?


Step 1
  • Please start OTL.exe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
:commands
[emptytemp]
         
  • Now please close all other programs.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<date_time>.log)
  • Now copy its content here into your thread.



Step 2

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path.
  • Now start Malwarebytes Anti-Malware.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Update --> Check for Updates.
  • When the update has finished, enable the option Perform quick scan on the Scanner tab and press Scan.
  • When the scan is finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under the Logs tab.



Step 3

Download the setup of the ESET Online Scanner and save it to the desktop.
  • Connect any external hard drives and USB sticks you have to the computer.
  • Now temporarily disable your antivirus program and the firewall for this scan.
    (Don't forget to turn them back on afterwards.)
  • Now start the downloaded esetsmartinstaller_enu.exe.
  • Tick Yes, I accept the Terms of Use and press Start.
  • Wait until the components have been downloaded.
  • Tick Scan archives.
  • Make sure that Remove found Threats is not ticked.
  • Then press Start.
  • The signatures are downloaded and the scan starts automatically.
    Note: This scan can take quite a long time!
  • If findings are shown after the scan has finished, then:
    • Press List of found threats.
    • Then click Export to text file... and save the text file as ESET.txt on the desktop.
    • Then press << Back.
  • Now close the scanner by clicking Finish.
Please post the content of ESET.txt or let me know if there were no findings.



Step 4

Please download SecurityCheck (Link 2).
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its content here.



Please post in your next reply:
  • Fix log from OTL
  • Log from MBAM
  • Log from ESET
  • Log from SecurityCheck
__________________
cheers,
Leo

09.04.2013, 15:45   #10
Manu39
 

Hey, sorry, the ESET scan took forever.
So the computer is running, and has been running very well the whole time; I only discovered the virus through a final full scan.

SecurityCheck:

Code:
 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
MBAM:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Manu :: MANU-PC [Administrator]

09.04.2013 15:12:23
mbam-log-2013-04-09 (15-12-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216116
Laufzeit: 1 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
With the external hard drive connected, ESET found no infections at all.

and OTL:

Code:
All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57616 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Manu
->Temp folder emptied: 691 bytes
->Temporary Internet Files folder emptied: 258 bytes
->FireFox cache emptied: 9126861 bytes
->Flash cache emptied: 67021 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 33817600 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 41,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04092013_150540

Files\Folders moved on Reboot...
C:\Users\Manu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

09.04.2013, 15:47   #11
aharonov
/// TB trainer
 

Hi,

yes, the ESET scan takes a long time, that's normal.
But everything looks very good on your system. We'll clean up now.

Also use this plugin check to verify that all the versions you use are current, and update them if they are not.



Cleanup

Finally, we will now clear away our tools (including the quarantine folders), delete the infected system restore points and restore all settings. These steps are also important and should be carried out in the order given.
  1. If defogger was used at the beginning, start defogger and press the Re-enable button.
  2. If Combofix was used, now temporarily disable the antivirus program, rename the "Combofix" in the file name of the Combofix.exe on the desktop to Uninstall and run it with a double-click.
  3. As for MBAM, I would strongly recommend that you keep it and run a quick scan weekly. If you don't want to keep using it, you can now uninstall it normally via the Control Panel.
  4. You can also keep the ESET Online Scanner to scan your system with it now and then (monthly) for a second opinion. If you want to uninstall ESET, you can likewise do that via the Control Panel.
  5. In any case, please download DelFix to your desktop.
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • DelFix removes, among other things, all the programs we used and then deletes itself.
  6. If anything is still left over now, you can simply delete it manually.




>> OK <<
We're done; your logs look clean to me at the moment.

Below I have put together a few notes and tips that are meant to help ensure you won't need our help in the future.

Afterwards, please give me a short reply if there are no more problems or open questions on your side either, so that I can consider this topic closed.




Epilogue: Tips, Dos & Don'ts

Keeping system and software up to date

The Windows operating system must always be fully up to date. Make sure that automatic updates are enabled:
  • Windows XP: Start --> Control Panel --> double-click Automatic Updates
  • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off

Installed software should also always be the latest version.
This applies especially to the browser, Java, Flash Player and PDF reader, because known security vulnerabilities in their old versions are exploited to install malware via drive-by download on merely visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore relatively unpredictable.
  • With this small plugin check you can regularly verify that these components are current.
  • Also make sure that old versions that are no longer used are uninstalled.
  • Optional: The program Secunia Personal Software Inspector can help you always use the current versions of all installed software.

Security software

One remark up front: every software solution has its weaknesses. Handing the entire responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behavior, even the best program will sooner or later fail (e.g. a virus scanner that does not recognize an infected file).
Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and considered behavior, helps you keep your computer clean.
  • Use a virus scanner with a background guard and an always current database. Which product is chosen does not matter that much. There are commercial versions, but a free scanner with the basic functions, such as Avast! Free Antivirus, should be sufficient. However, never run two guards in parallel; they would interfere with each other.
  • Enable a firewall. The one built into Windows is normally entirely sufficient.
  • In addition to the virus scanner, you can regularly scan your system with an on-demand anti-malware program. The free version of Malwarebytes Anti-Malware is recommended. Update the database before every scan.
  • Optional: The program Sandboxie runs applications in an isolated environment ("sandbox") so that no changes can be made to the system. If you start your browser in it, the chance is reduced that malware picked up while surfing can establish itself permanently in the system.
  • Optional: The add-on WOT (web of trust) warns you about a website reported as harmful before it is loaded. Available for various browsers.

It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader).
Instead of Internet Explorer, for example, one can use Mozilla Firefox, for which there are two useful add-ons to recommend:
  • NoScript by default prevents the execution of active content (Java, JavaScript, Flash, ..) for all websites. Following the principle of a whitelist, you can decide yourself which sites you trust and want to allow scripts for, also temporarily.
  • Adblock Plus blocks most advertising banners. Besides their annoying appearance, such banners can also act as sources of infection.

(Un)safe behavior on the Internet

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user themselves.

Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that does not have to mean anything.
  • Illegal cracks, keygens and serials are an extremely easy (and popular) way to spread malware.
  • With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that they really contain what the label says.

Often an attempt is also made to get the user, with more or less tricky methods, to carry out an action themselves that is disastrous for them (umbrella term: social engineering).
  • Surf with caution and don't let elements that somehow seem interesting tempt you into a hasty click. Don't be fooled by popups that look like system or virus messages.
  • Be skeptical of unexpected e-mails, especially if they contain attachments. Even if they seem authentic at first glance, contain personal data of yours or supposedly come from a known sender: better to think it over again calmly or ask, instead of just opening links or executable attachments or entering your data somewhere.
  • Harmful links or files can also make the rounds in social networks or via instant messaging systems. If you receive a message from one of your friends that is strange, or sounds so sensationally interesting or scandalous that one simply has to click on it, then curiosity has probably won over reason for him/her, and you should not make the same mistake.
  • Have file extensions displayed so that you are not fooled when an executable file is disguised by a double file extension, e.g. Nacktfoto.jpg.exe.

Annoying adware (advertising) and unnecessary toolbars are also mostly installed along by the user themselves.
  • As a first priority, always download software directly from the manufacturer. Many software portals (e.g. Softonic) pack additional useless stuff into the installation. Alternatively, choose a clean portal such as Filepony or heise.
  • When installing software, always choose the custom option and untick all optionally offered toolbars or other additions irrelevant to the program.

General notes

Finally, a few basic remarks:
  • Your user account for everyday use should not have administrator rights. Use an account with restricted rights (Windows XP) or set User Account Control (UAC) to the highest level (Windows Vista / 7).
  • Regularly create backups of your data and documents on external storage media, at least two copies for important files. Not only a malware infection can result in painful data loss, but also an ordinary hard disk failure.
  • The Autorun/Autoplay function is a risk, because it makes it possible, for example, for an infection to jump over to the computer when a correspondingly infected USB stick is plugged in. Consider whether you would not be better off disabling this function.
  • Choose your passwords according to the common rules in order to be better protected against brute-force and dictionary attacks. Use each of your passwords only once and change them regularly.
  • The benefit of registry cleaners for improving performance is disputed. In any case, they can cause great damage if you do not know what you are doing. We therefore recommend keeping your hands off the registry. To delete the temporary files from time to time, TFC is sufficient.

If you like, you can support the forum with a small donation.
All that remains for me is to wish you carefree and safe surfing, and that we do not see each other here again any time soon.
__________________
cheers,
Leo
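
The double-extension disguise mentioned in the post above (Nacktfoto.jpg.exe) can be checked for mechanically, for example over a download folder listing. The following is an added example, not part of the original post; the extension lists, function names and sample file names are assumptions constructed for illustration.

```python
# Added example: flag files whose real type is hidden behind a decoy extension.
# Extension sets and sample names are constructed assumptions, not from the thread.
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".lnk"}
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx",
         ".xls", ".xlsx", ".txt", ".mp3", ".avi", ".zip"}


def _basename(path):
    # Accept both Windows and POSIX separators; Windows ignores trailing dots/spaces.
    return path.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")


def extensions(path):
    """All dot-separated extensions of the file name, lower-cased, in order."""
    parts = _basename(path).split(".")[1:]
    return ["." + p.strip().lower() for p in parts if p.strip()]


def displayed_name(path):
    """Name as shown while Windows hides extensions for known file types."""
    base = _basename(path)
    return base.rsplit(".", 1)[0] if "." in base else base


def is_masked_executable(path):
    """True if the last extension is executable and the one before it is a decoy."""
    exts = extensions(path)
    return len(exts) >= 2 and exts[-1] in EXECUTABLE and exts[-2] in DECOY


def scan(paths):
    """Return (path, name the user would see) for every masked executable."""
    return [(p, displayed_name(p)) for p in paths if is_masked_executable(p)]


SAMPLE = [  # constructed file names
    "Nacktfoto.jpg.exe",
    r"C:\Users\demo\Downloads\Rechnung.PDF.scr",
    "setup.exe",
    "report.v1.2.pdf",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for path, shown in scan(SAMPLE):
        print(f"{path!r} would be displayed as {shown!r}")
```

Ordinary installers such as setup.exe and versioned names such as report.v1.2.pdf are not flagged, because only the combination of a decoy extension followed by an executable one is treated as suspicious.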

09.04.2013, 16:11   #12
Manu39
 

Hey, so I did the plugin check and everything is up to date except "Java ist nicht Installiert oder nicht aktiviert." Should I still install that for Firefox? JDK + JRE are actually installed.

I will now carry out the last cleanup steps (I will keep MBAM and ESET).
One more small question: the only cleaning or tuning program I use is CCleaner with CCEnhancer. Is that still OK, or should I rather leave that alone too?
And then I also plan to format the external hard disk once more really thoroughly.

If nothing else goes wrong with the last things, I hereby already thank you and the rest of your team, everything really went smoothly and quickly!

Best regards, Manuel!

09.04.2013, 16:20   #13
aharonov
/// TB Instructor
 

Thanks for the feedback, Manuel.

The Java situation is fine as it is, you do not need to do anything more.
With CCleaner we simply advise against cleaning the registry. You should not tinker with the registry without need. It does not achieve much anyway and can also go wrong. The remaining functions are OK.

Glad that we could help.

If you would like to give the forum suggestions for improvement, criticism or praise, you can do that here.

This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies.
Should you need the topic again, please send me a PM and we will continue here.

Everyone else, please read this guide and create your own thread.
__________________
cheers,
Leo
