Log analysis and evaluation: BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\'' (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

08.04.2013, 20:37 | #1
BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''

Hey dear trojaner-board team, many thanks in advance, this really is a great thing you have here! So, I have just bought a new PC, installed everything properly, and everything works flawlessly. At the end I ran a full system scan with Avira AntiVir once more. And as the title says, the "BOO/Whistler.DB" boot virus was detected in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''. (HD1 is not the system partition but, on my machine, E:\ where I store all my data, and I is my external hard drive, which serves as the backup for E:\.) Naturally I first read up a little myself and eventually came across the Avira bootwizard, and then overwrote the boot sector using the burned CD. After the 1st time it did nothing at all; the 2nd time apparently it did, because after that neither Windows Defender with a quick scan nor Avira's full scan detected the boot virus in question or any other malware. Still, I am a little afraid that something harmful is still present; that would be annoying on a completely new PC. So, I hope I haven't forgotten anything. Here are the 3 required scans:

OTL.txt

Code:
OTL logfile created on: 08.04.2013 20:53:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manu\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,96 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 78,04% Memory free
15,92 Gb Paging File | 12,94 Gb Available in Paging File | 81,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,58 Gb Total Space | 23,90 Gb Free Space | 40,80% Space Free | Partition Type: NTFS
Drive D: | 200,01 Gb Total Space | 175,04 Gb Free Space | 87,52% Space Free | Partition Type: NTFS
Drive E: | 672,83 Gb Total Space | 386,67 Gb Free Space | 57,47% Space Free | Partition Type: NTFS

Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.08 20:51:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe
PRC - [2013.04.03 12:54:59 | 000,920,472 | ---- | M] (Mozilla Corporation) -- D:\Mozilla Firefox\firefox.exe
PRC - [2013.03.31 03:38:37 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.03.30 19:55:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.30 19:54:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.30 19:54:31 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.04 15:22:01 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.05.10 16:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.02.01 17:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.04.03 12:54:59 | 003,143,576 | ---- | M] () -- D:\Mozilla Firefox\mozjs.dll MOD - [2013.03.31 03:38:37 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2013.03.30 23:44:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1c402ca365b68a2616ea3a5194d38310\IAStorCommon.ni.dll MOD - [2013.03.30 23:43:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.03.30 23:43:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.03.30 23:43:53 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll MOD - [2013.03.30 23:43:50 | 012,436,480 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.03.30 23:43:45 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.03.30 23:43:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.03.30 23:43:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.03.30 23:43:14 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.03.30 23:43:05 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.11.30 12:45:56 | 000,122,880 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.11 08:59:08 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.31 03:38:37 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.30 19:55:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.30 19:54:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.23 22:57:38 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.05.10 16:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.04.20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.08.30 16:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.01 00:30:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.03.30 19:55:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.30 19:55:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.30 19:55:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.03.04 08:42:06 | 000,127,568 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2013.02.22 08:44:18 | 002,210,376 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2013.01.23 22:57:32 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013.01.17 22:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2012.12.21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2012.12.21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.12.04 15:21:10 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.12.04 15:21:10 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.12.04 15:21:09 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.06.05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.03 20:23:56 | 000,084,736 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2012.02.03 20:23:56 | 000,059,520 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2012.02.01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.02 11:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.04.07 20:57:03 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2013.04.07 20:52:54 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv) DRV - [2013.04.07 20:52:46 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2012.12.21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2012.12.21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006.07.19 13:04:00 | 000,014,608 | R--- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\atBIOS\AtiTool\atillk64.sys -- (atillk64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 7A 8B 35 6E 2D CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - user.js - File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: D:\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: B:\java\jre7\bin\plugin2\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: B:\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: B:\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: B:\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: B:\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: D:\Mozilla Firefox\components [2013.04.03 12:54:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: D:\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: D:\Mozilla Thunderbird\components [2013.03.31 01:24:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: D:\Mozilla Thunderbird\plugins [2013.03.31 00:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Extensions [2013.03.31 17:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\qu7f4cso.default\extensions [2013.03.31 17:35:05 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\qu7f4cso.default\extensions\foxyproxy@eric.h.jung [2013.03.31 01:01:03 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qu7f4cso.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - Startup: C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Manu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8AE74B7-2DF4-47A9-824E-79235F413517}: NameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0895bac7-9950-11e2-9bf0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0895bac7-9950-11e2-9bf0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe O33 - MountPoints2\{61d90c3e-999f-11e2-9dac-902b349a10e2}\Shell - "" = AutoRun O33 - MountPoints2\{61d90c3e-999f-11e2-9dac-902b349a10e2}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.08 20:51:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe [2013.04.08 00:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework [2013.04.07 23:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.04.07 23:48:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\TeamViewer [2013.04.07 22:28:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2013.04.07 22:28:51 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner [2013.04.05 19:30:32 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.04.05 18:49:39 | 000,000,000 | ---D | C] -- 
C:\Users\Manu\Documents\LOLReplay [2013.04.03 03:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2013.04.03 01:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.04.01 15:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2013.04.01 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions [2013.04.01 15:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FEAR [2013.04.01 15:00:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013.04.01 14:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.04.01 14:28:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Wars Republic Commando [2013.04.01 14:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars Republic Commando [2013.04.01 13:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013.04.01 04:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.04.01 04:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2013.04.01 04:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.04.01 04:16:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.04.01 04:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2013.04.01 04:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.04.01 04:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.04.01 04:13:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Microsoft Help [2013.04.01 04:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.04.01 01:37:49 | 000,000,000 | ---D | C] -- 
C:\ProgramData\ATI [2013.04.01 01:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.04.01 01:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.04.01 01:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.04.01 01:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2013.04.01 01:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.04.01 01:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.04.01 01:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.04.01 01:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2013.04.01 01:10:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Apple Computer [2013.04.01 01:10:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Apple Computer [2013.04.01 01:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.04.01 01:10:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.04.01 01:09:49 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Apple [2013.04.01 01:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.04.01 01:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.04.01 01:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.04.01 01:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.04.01 01:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.04.01 01:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.04.01 00:31:15 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.04.01 00:30:59 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.04.01 00:30:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\DAEMON Tools Lite [2013.04.01 00:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.04.01 00:29:05 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Canneverbe Limited [2013.04.01 00:13:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ [2013.04.01 00:13:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ICQM [2013.04.01 00:13:25 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ICQ-Profile [2013.04.01 00:12:48 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.04.01 00:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.04.01 00:12:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Notepad++ [2013.03.31 21:32:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\LolClient [2013.03.31 20:00:42 | 000,000,000 | R--D | C] -- C:\Users\Manu\Desktop\Games [2013.03.31 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\PMB Files [2013.03.31 17:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013.03.31 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013.03.31 16:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.03.31 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2013.03.31 16:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA [2013.03.31 16:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\VIA [2013.03.31 16:48:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs [2013.03.31 16:48:37 | 
009,208,088 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVIA64.dll [2013.03.31 16:48:37 | 000,908,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.03.31 16:48:37 | 000,394,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2013.03.31 16:48:37 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll [2013.03.31 16:48:36 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64H.dll [2013.03.31 16:48:36 | 002,099,480 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll [2013.03.31 16:48:36 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64H.dll [2013.03.31 16:48:36 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll [2013.03.31 16:48:36 | 000,248,952 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll [2013.03.31 16:48:36 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64H.dll [2013.03.31 16:48:36 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll [2013.03.31 16:48:36 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64H.dll [2013.03.31 16:48:36 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll [2013.03.31 16:48:36 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64H.dll [2013.03.31 16:48:36 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll [2013.03.31 16:48:36 | 000,070,776 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\VtSrdAPO.dll [2013.03.31 16:48:36 | 000,055,416 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\PropPageExt.dll [2013.03.31 16:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.03.31 16:46:54 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll 
[2013.03.31 16:46:54 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll [2013.03.31 16:46:54 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll [2013.03.31 16:46:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll [2013.03.31 16:46:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll [2013.03.31 16:46:54 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll [2013.03.31 16:46:54 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll [2013.03.31 16:46:54 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll [2013.03.31 16:46:54 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll [2013.03.31 16:46:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll [2013.03.31 16:46:54 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll [2013.03.31 16:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.03.31 16:11:13 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.03.31 14:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.31 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.31 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.31 14:23:40 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\WindowsUpdate [2013.03.31 14:08:13 | 000,000,000 | R--D | C] -- C:\Users\Manu\Dropbox [2013.03.31 14:05:43 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.03.31 14:05:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Dropbox [2013.03.31 13:54:20 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.03.31 13:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2013.03.31 04:14:27 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.03.31 04:09:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\vlc [2013.03.31 04:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.31 04:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\WinRAR [2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.31 03:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter [2013.03.31 03:37:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.03.31 03:24:17 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\LG Electronics [2013.03.31 03:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.03.31 02:38:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Logitech [2013.03.31 02:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.03.31 02:38:44 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Leadertech [2013.03.31 02:37:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Logitech [2013.03.31 02:37:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Logishrd [2013.03.31 02:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.03.31 02:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.31 01:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2013.03.31 01:57:52 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Adobe [2013.03.31 
01:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.03.31 01:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.03.31 01:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.03.31 01:52:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.03.31 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Thunderbird [2013.03.31 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Thunderbird [2013.03.31 00:30:42 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2013.03.31 00:30:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.03.31 00:28:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Macromedia [2013.03.31 00:28:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Macromedia [2013.03.31 00:26:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.03.31 00:26:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.03.31 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Mozilla [2013.03.31 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Mozilla [2013.03.31 00:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.03.31 00:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.03.31 00:07:13 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\VS Revo Group [2013.03.30 22:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.2.1 Home Edition [2013.03.30 22:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS Partition Master 9.2.1 Home Edition [2013.03.30 22:24:17 | 000,000,000 | ---D | C] -- C:\Users\Manu\Documents\temp [2013.03.30 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ATI [2013.03.30 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\ATI [2013.03.30 21:52:20 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Microsoft.NET [2013.03.30 21:51:19 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIGABYTE [2013.03.30 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Adobe [2013.03.30 20:00:49 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Avira [2013.03.30 19:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.30 19:57:56 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.30 19:57:56 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.30 19:57:56 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.30 19:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.30 19:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.03.30 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Diagnostics [2013.03.30 19:29:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Programs [2013.03.30 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Google [2013.03.30 18:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation [2013.03.30 18:16:05 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Intel Corporation [2013.03.30 18:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE [2013.03.30 18:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE [2013.03.30 18:02:06 | 000,084,736 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronXHCI.sys [2013.03.30 18:02:06 | 000,059,520 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronHub3.sys [2013.03.30 18:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology [2013.03.30 18:00:25 | 000,000,000 | R--D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2013.03.30 18:00:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e [2013.03.30 17:59:34 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll [2013.03.30 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA [2013.03.30 17:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.03.30 17:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2013.03.30 17:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013.03.30 17:58:44 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.03.30 17:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2013.03.30 17:58:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.03.30 17:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.03.30 17:58:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\InstallShield [2013.03.30 17:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2013.03.30 17:56:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.03.30 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Google [2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\Searches [2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.03.30 17:48:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Identities [2013.03.30 17:48:24 | 000,000,000 | R--D | C] -- C:\Users\Manu\Contacts [2013.03.30 17:48:23 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\VirtualStore [2013.03.30 17:48:18 | 000,000,000 | --SD | C] -- 
C:\Users\Manu\AppData\Roaming\Microsoft [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Videos [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Saved Games [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Pictures [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Music [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Links [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Favorites [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Downloads [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Documents [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Desktop [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Vorlagen [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Verlauf [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Temporary Internet Files [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Startmenü [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\SendTo [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Recent [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Netzwerkumgebung [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Lokale Einstellungen [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Videos [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Musik [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Eigene Dateien [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Bilder [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- 
C:\Users\Manu\Druckumgebung [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Cookies [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Anwendungsdaten [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Anwendungsdaten [2013.03.30 17:48:18 | 000,000,000 | -H-D | C] -- C:\Users\Manu\AppData [2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Temp [2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Microsoft [2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Media Center Programs [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Programme [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.03.30 17:48:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.03.30 17:40:13 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.03.30 17:39:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.03.30 17:39:21 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.03.27 17:38:06 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll [2013.03.13 05:35:44 | 000,127,568 | 
---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.08 20:51:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe [2013.04.08 20:50:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.08 20:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.08 20:13:07 | 000,000,000 | ---- | M] () -- C:\Users\Manu\defogger_reenable [2013.04.08 20:12:15 | 000,050,477 | ---- | M] () -- C:\Users\Manu\Desktop\Defogger.exe [2013.04.08 19:13:24 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.08 19:13:24 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.08 19:10:22 | 001,618,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.08 19:10:22 | 000,698,912 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.08 19:10:22 | 000,653,750 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.08 19:10:22 | 000,149,052 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.08 19:10:22 | 000,121,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.08 19:06:01 | 000,341,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.08 19:05:50 | 2114,703,359 | -HS- | M] () -- C:\hiberfil.sys [2013.04.08 01:31:05 | 000,000,614 | ---- | M] () -- C:\Users\Manu\Desktop\VLC media player.lnk [2013.04.07 23:49:21 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.04.07 22:28:51 | 000,000,606 | ---- | M] () -- C:\Users\Manu\Desktop\MSI Afterburner.lnk [2013.04.07 20:52:46 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys [2013.04.07 20:52:28 | 000,002,725 | ---- | M] () -- 
C:\Users\Manu\Desktop\EasyTune 6.lnk [2013.04.07 20:29:53 | 000,001,055 | ---- | M] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.05 18:49:37 | 000,000,685 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2013.04.01 01:37:44 | 000,002,128 | ---- | M] () -- C:\Users\Manu\Desktop\Catalyst Control Center.lnk [2013.04.01 01:10:21 | 000,001,449 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.01 00:32:56 | 000,000,355 | ---- | M] () -- C:\Users\Manu\Desktop\Computer.lnk [2013.04.01 00:31:28 | 000,000,654 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.04.01 00:30:59 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.04.01 00:29:02 | 000,000,667 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2013.04.01 00:13:48 | 000,001,806 | ---- | M] () -- C:\Users\Manu\Desktop\ICQ.lnk [2013.03.31 14:04:44 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.31 13:54:20 | 000,002,130 | ---- | M] () -- C:\Users\Manu\Desktop\MP Navigator EX 4.0.lnk [2013.03.31 05:04:40 | 000,001,133 | -H-- | M] () -- C:\Windows\EPMBatch.ept [2013.03.31 04:48:52 | 000,000,675 | ---- | M] () -- C:\Users\Manu\Desktop\eclipse.lnk [2013.03.31 04:04:39 | 000,000,882 | ---- | M] () -- C:\Users\Manu\Desktop\CCleaner.lnk [2013.03.31 02:54:36 | 000,002,411 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2013.03.31 01:15:21 | 000,005,766 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.03.30 22:18:59 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2013.03.30 21:21:29 | 000,001,290 | ---- | M] () -- C:\Users\Manu\Desktop\dfrgui.lnk [2013.03.30 21:20:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.03.30 21:07:19 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.30 21:07:19 | 000,025,185 | ---- | M] () -- 
C:\Windows\SysNative\ieuinit.inf [2013.03.30 19:57:58 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.30 19:55:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.30 19:55:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.30 19:55:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.30 18:00:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.03.30 17:58:09 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini [2013.03.30 17:42:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.03.30 17:42:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.08 20:13:07 | 000,000,000 | ---- | C] () -- C:\Users\Manu\defogger_reenable [2013.04.08 20:12:13 | 000,050,477 | ---- | C] () -- C:\Users\Manu\Desktop\Defogger.exe [2013.04.08 19:05:52 | 000,341,480 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.08 14:45:30 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1(x64).lnk [2013.04.08 01:31:05 | 000,000,614 | ---- | C] () -- C:\Users\Manu\Desktop\VLC media player.lnk [2013.04.07 23:49:21 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.04.07 22:28:51 | 000,000,606 | ---- | C] () -- C:\Users\Manu\Desktop\MSI Afterburner.lnk [2013.04.07 20:52:28 | 000,002,725 | ---- | C] () -- C:\Users\Manu\Desktop\EasyTune 6.lnk [2013.04.05 18:49:37 | 000,000,685 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2013.04.01 01:37:44 | 000,002,128 | ---- | C] () -- C:\Users\Manu\Desktop\Catalyst Control Center.lnk 
[2013.04.01 01:10:21 | 000,001,449 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.01 01:09:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.04.01 00:32:56 | 000,000,355 | ---- | C] () -- C:\Users\Manu\Desktop\Computer.lnk [2013.04.01 00:31:28 | 000,000,654 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.04.01 00:29:02 | 000,000,667 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2013.04.01 00:29:02 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2013.04.01 00:13:48 | 000,001,806 | ---- | C] () -- C:\Users\Manu\Desktop\ICQ.lnk [2013.03.31 14:05:50 | 000,001,055 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.03.31 13:54:20 | 000,002,130 | ---- | C] () -- C:\Users\Manu\Desktop\MP Navigator EX 4.0.lnk [2013.03.31 04:48:52 | 000,000,675 | ---- | C] () -- C:\Users\Manu\Desktop\eclipse.lnk [2013.03.31 04:04:39 | 000,000,882 | ---- | C] () -- C:\Users\Manu\Desktop\CCleaner.lnk [2013.03.31 03:38:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.31 03:19:55 | 000,000,988 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.03.31 02:54:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2013.03.31 02:54:22 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2013.03.31 02:13:42 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.31 01:55:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.03.31 01:48:42 | 001,202,688 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm [2013.03.31 01:48:42 | 000,965,120 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm [2013.03.31 01:24:03 | 000,000,776 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.03.31 01:12:27 | 000,005,766 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013.03.31 00:30:25 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1748D.TBL [2013.03.31 00:30:25 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1748D.TBL [2013.03.31 00:17:16 | 000,000,681 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.30 22:56:21 | 000,001,133 | -H-- | C] () -- C:\Windows\EPMBatch.ept [2013.03.30 22:45:52 | 003,376,640 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe [2013.03.30 22:45:52 | 003,316,736 | ---- | C] () -- C:\Windows\SysNative\¸´¼þ BootMan.exe [2013.03.30 22:45:52 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2013.03.30 22:45:52 | 000,100,936 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe [2013.03.30 22:45:52 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2013.03.30 22:45:52 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2013.03.30 22:45:52 | 000,017,480 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys [2013.03.30 22:45:52 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll [2013.03.30 22:45:52 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2013.03.30 22:45:52 | 000,009,800 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys [2013.03.30 22:45:52 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2013.03.30 22:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.03.30 21:43:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.03.30 21:43:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.03.30 21:21:29 | 000,001,290 | ---- | C] () -- C:\Users\Manu\Desktop\dfrgui.lnk [2013.03.30 21:20:02 | 000,000,000 | -H-- | C] () -- 
C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.03.30 21:07:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.30 21:07:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.30 19:57:58 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.30 18:14:02 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2013.03.30 18:02:20 | 000,031,272 | ---- | C] () -- C:\Windows\SysNative\AppleChargerSrv.exe [2013.03.30 18:02:20 | 000,021,616 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys [2013.03.30 18:00:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.03.30 17:59:11 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll [2013.03.30 17:54:46 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2013.03.30 17:49:08 | 000,001,413 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.03.30 17:42:10 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.03.30 17:41:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.03.30 17:39:43 | 2114,703,359 | -HS- | C] () -- C:\hiberfil.sys [2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.04.01 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Canneverbe Limited
[2013.04.01 17:02:52 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\DAEMON Tools Lite
[2013.04.08 19:07:09 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Dropbox
[2013.04.01 16:13:19 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\ICQ-Profile
[2013.04.01 00:15:00 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\ICQM
[2013.03.31 02:38:44 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Leadertech
[2013.03.31 21:32:26 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\LolClient
[2013.04.01 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Notepad++
[2013.04.07 23:48:26 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\TeamViewer
[2013.03.31 01:24:09 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Thunderbird
========== Purity Check ==========
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 08.04.2013 20:53:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manu\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 78,04% Memory free 15,92 Gb Paging File | 12,94 Gb Available in Paging File | 81,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,58 Gb Total Space | 23,90 Gb Free Space | 40,80% Space Free | Partition Type: NTFS Drive D: | 200,01 Gb Total Space | 175,04 Gb Free Space | 87,52% Space Free | Partition Type: NTFS Drive E: | 672,83 Gb Total Space | 386,67 Gb Free Space | 57,47% Space Free | Partition Type: NTFS Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- "D:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista 
Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{031F1983-C75E-4569-A535-840F0351AC1F}" = lport=56225 | protocol=6 | dir=in | name=pando media booster | "{0341519C-068A-4FB8-83EE-FDF5773B840E}" = lport=10243 | protocol=6 | dir=in | app=system | "{14179E81-E3AD-4BA7-91E7-186B78011952}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{18D2567E-258F-4892-AA97-CC97AB27C5F8}" = lport=56225 | protocol=6 | dir=in | name=pando media booster | "{1CF4F6A6-2F63-421F-93DD-590330F7D754}" = rport=445 | protocol=6 | dir=out | app=system | "{1DB22F07-EC34-4D55-95D5-B90C0C8EF894}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{23D60832-4260-47BE-94B6-83513048D8E2}" = lport=138 | protocol=17 | dir=in | app=system | "{35A06E48-BD5F-4759-8D15-544D0EFD400E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3A1050B1-1E4A-4E52-A568-A06469876BB8}" = lport=137 | protocol=17 | dir=in | app=system | "{44F048B9-F3AF-4D7C-B72A-10CC8E92FAEF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4C1A1B06-973D-4080-80B0-6ACC1229C836}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4F275EFE-156F-4F5D-BC70-8BC93D265CE3}" = lport=445 | protocol=6 | dir=in | app=system | "{5D793D1C-0CBD-4681-8A9C-F048421F4C0F}" = lport=2869 | protocol=6 | dir=in | app=system | "{7F2C8771-26B7-4A63-874C-938CF85304CC}" = lport=139 | protocol=6 | dir=in | app=system | "{9073E733-204D-4188-8E32-7B1120B04790}" = lport=56225 | protocol=17 | dir=in | name=pando media booster | "{999582A1-66C0-42E4-B85A-7A56CC4C9795}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A320B3FA-D083-4179-B54A-03906C39092B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A73F3FFC-034E-4897-A50B-57102C398418}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B479781A-403D-4234-8AA4-7CE3B59C0717}" = rport=137 | protocol=17 | dir=out | app=system | "{BC6619D7-975C-4E3D-BF95-748D38443B6B}" = lport=56225 | protocol=17 | dir=in | name=pando media booster | "{C6833C73-F311-453B-8817-604D02F0FB71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D4958789-9510-4DB3-8AEF-F814E3794866}" = rport=139 | protocol=6 | dir=out | app=system | "{D9A8EFDD-F31B-41AB-A9F6-68934CB51934}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F96377A7-DDEB-4B0E-881F-B77432C64415}" = rport=10243 | protocol=6 | dir=out | app=system | "{FE1552AE-6AAE-4047-962B-853E2BE1EBF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A8AC594-1273-4289-9855-47BEF9A326D7}" = protocol=17 | dir=in | app=c:\users\manu\appdata\roaming\dropbox\bin\dropbox.exe | "{10308AF5-2D14-454E-ABF4-AE2DD84BD517}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{1E6F47F8-23C8-4F9E-80B9-4DDE79473E7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1EE68ED4-8812-4848-B956-A85818A0D49B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F987AAC-AA6B-45F3-865B-FE4D594C393C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{22BFBAB9-36E4-4EE2-846A-D796DFAA3E61}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{311FD73B-DFA0-4A15-A598-4E7A3B400CC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3266EE77-60A1-48D5-B2B8-BC2D4EC018F0}" = protocol=6 | dir=in | 
app=c:\users\manu\appdata\roaming\icqm\icq.exe | "{372F294B-5536-4544-A879-661581BEC0B9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3A17983A-B0A2-47F8-B67E-731CA9A25211}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{3B83DC43-D6B3-4A4B-926A-AFAB02A634A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{457B8609-2F05-46D1-A979-4630E9C6C537}" = protocol=17 | dir=in | app=d:\fear\fear.exe | "{4A897B08-3EE8-4BEF-B4D0-2B64197041A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4AFAD137-95A4-4EA5-B1EB-108CF670D808}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{54719C49-B718-406A-A928-3B462830EF09}" = protocol=17 | dir=in | app=d:\steam\steamapps\nighty3991\counter-strike source\hl2.exe | "{5686905E-6543-40DB-862E-627800D86507}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{58687D5D-70F2-49C4-B5D5-C9C5B7525B9E}" = dir=in | app=d:\itunes\itunes.exe | "{6A127504-B811-4AC9-9AF9-859EDD0CAD40}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6E37BF52-1A16-4794-A131-6466771E15F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7B533DD0-0EA0-4F7D-A14B-2EFBD452F2FB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7EC24F1B-3028-4DC3-BD2F-B3B12A0B7D75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{825EC11F-8B2C-4452-B637-D07D9E20AB9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{83BB6836-2AC7-4E81-926E-B6932377B6E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{85554CB0-7100-43F9-900F-B7A490451B02}" = protocol=6 | dir=in | app=d:\fear\fear.exe | "{8654B13D-47CA-4E74-BE11-C59D0F051B28}" = protocol=17 | dir=in | app=d:\microsoft office\office14\groove.exe | 
"{8773C718-E881-4829-89B5-5338AC43871D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8CED9914-3EED-47D3-AFDD-28C128E9E90C}" = protocol=6 | dir=in | app=d:\microsoft office\office14\groove.exe | "{9A0D55D3-4A94-4DFA-BCA2-5ED3482A47D7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9FEC1BDB-01F2-4F5E-8BE2-614230BC100B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AB98FC86-2AC9-411F-80E7-172D45B0381D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AE7B9EC9-BAA9-498F-8863-D701400CC1D3}" = protocol=17 | dir=in | app=c:\users\manu\appdata\roaming\icqm\icq.exe | "{B1885A38-78A9-4EA7-919B-955F4899E852}" = protocol=6 | dir=in | app=d:\steam\steamapps\nighty3991\counter-strike source\hl2.exe | "{B60EDBA3-DAF2-4A3F-9D6A-C0584D2BB681}" = protocol=17 | dir=in | app=d:\fear\fearmp.exe | "{B80F148A-9091-444A-9B44-5A151E62556E}" = protocol=6 | dir=in | app=c:\users\manu\appdata\roaming\dropbox\bin\dropbox.exe | "{BE975D38-61F2-4BEF-BC79-95325B0013FE}" = protocol=6 | dir=in | app=d:\fear\fearmp.exe | "{C5BBA117-4CC2-445A-B440-6FE68E0B1581}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C6670353-8479-471E-BECE-18B440CED54B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CD009C05-744E-48FF-A094-FCC402EC76F0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D073E1BA-A6B5-40CE-B668-DE0A4CD0F7B9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D3768177-3557-410B-921F-655E76B11B4D}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{D6871115-5D8E-4992-9FA9-DEFBDE30E941}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E754E7AC-9B60-4047-9ACF-28FD00B7921E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E86DCA81-61C8-4E94-B3C9-20F1361F35E4}" = protocol=6 | 
dir=out | app=system | "{FA321214-3BCF-4B64-8867-CED9C4452D22}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{4A549C80-9E6C-435B-AB67-2ECD98A43989}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{A500811B-8289-4148-BF87-2FD08977160D}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "UDP Query User{1EA2B7A5-47CD-4B25-9FA0-1D3C2070692F}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "UDP Query User{57A77C1A-1D12-485E-B711-A1D756D9FC4F}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5B97A291-F6D0-C734-922E-765BF8AF3106}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
"{64A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17 (64-bit) "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack "{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "CCleaner" = CCleaner "Logitech Gaming Software" = Logitech Gaming Software 8.45 "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German "{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian "{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese "{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch "{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR "{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy "{2F56F921-7281-17D7-C628-EDC320DB1AF3}" 
= CCC Help French "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = Catalyst Control Center "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0626.1 "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish "{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian "{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR "{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish "{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish "{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional "{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech "{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian "{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source 
"{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}" = GIGABYTE VGA @BIOS "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "AC3Filter_is1" = AC3Filter 2.5b "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Afterburner" = MSI Afterburner 2.3.1 "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.2.1 Home Edition "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0626.1 "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "LOLReplay" = LOLReplay "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "Notepad++" = Notepad++ "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "ICQ" = ICQ 8.0 (build 6008, für aktuellen Benutzer) "Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.04.2013 14:46:46 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5008 Error - 08.04.2013 14:46:46 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5008 Error - 08.04.2013 14:46:47 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.04.2013 14:46:47 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6006 Error - 08.04.2013 14:46:47 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6006 Error - 08.04.2013 14:46:48 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.04.2013 14:46:48 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7005 Error - 08.04.2013 14:46:48 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7005 
Error - 08.04.2013 14:46:49 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.04.2013 14:46:49 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8003 [ System Events ] Error - 08.04.2013 11:25:39 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.04.2013 11:26:11 | Computer Name = Manu-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 08.04.2013 11:31:46 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Management and Security Application Local Management Service erreicht. Error - 08.04.2013 11:31:46 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.04.2013 11:36:18 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Management and Security Application Local Management Service erreicht. 
Error - 08.04.2013 11:36:18 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.04.2013 13:06:07 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Management and Security Application Local Management Service erreicht. Error - 08.04.2013 13:06:07 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.04.2013 13:06:28 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473536. Error - 08.04.2013 13:06:28 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. < End of report > Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-08 21:11:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Manu\AppData\Local\Temp\kwtdypog.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\spoolsv.exe [1340:2312] 000007fef9f910c8
Thread C:\Windows\System32\spoolsv.exe [1340:2320] 000007fef72a6144
Thread C:\Windows\System32\spoolsv.exe [1340:2324] 000007fef6de5fd0
Thread C:\Windows\System32\spoolsv.exe [1340:2328] 000007fef9e93438
Thread C:\Windows\System32\spoolsv.exe [1340:2332] 000007fef6de63ec
Thread C:\Windows\System32\spoolsv.exe [1340:2340] 000007fef8f35e5c
Thread C:\Windows\system32\taskhost.exe [1892:1192] 000007fef9e61f38
Thread C:\Windows\system32\taskhost.exe [1892:1248] 000007fef9e02740
Thread C:\Windows\system32\taskhost.exe [1892:2136] 000007fef8ef1010
Thread C:\Windows\system32\taskhost.exe [1892:1316] 000007fef9b95170
Thread C:\Windows\System32\svchost.exe [2432:4232] 000007fef5df9688
Thread C:\Windows\system32\svchost.exe [3616:3652] 000007fef2378470
Thread C:\Windows\system32\svchost.exe [3616:3656] 000007fef2382418
Thread C:\Windows\system32\svchost.exe [3616:2616] 000007fef0f6f130
Thread C:\Windows\system32\svchost.exe [3616:3096] 000007fef0f64734
Thread C:\Windows\system32\svchost.exe [3616:3124] 000007fef6de5fd0
Thread C:\Windows\system32\svchost.exe [3616:3364] 000007fef6de63ec
Thread C:\Windows\system32\svchost.exe [3616:4596] 000007fef0f64734
Thread C:\Windows\system32\svchost.exe [3616:1576] 000007fef9975124
---- EOF - GMER 2.1 ----

OK, a small addition: the boot virus is apparently still on the external hard drive, even though I formatted it with the Windows quick format and it is theoretically empty. When the external drive is connected, the scan gives me virus warnings in both directories; when I start a virus scan without the external drive, everything is clean!
Edited by Manu39 (08.04.2013 at 20:44) |
09.04.2013, 02:37 | #2 |
/// TB-Ausbilder | BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\'' Hello Manuel,
please connect the external hard drive in question and run this scan: Step 1 Please read the following instructions carefully. We do not want to delete anything yet; we only want to see a scan report. Please download TDSSKiller.exe and save the file to your desktop.
In your next reply, please post:
09.04.2013, 12:25 | #3 |
| BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\'' Hey Leo,
thank you very much for the quick reply! I followed your instructions in order, very precisely, and "Rootkit.Boot.Wistler.a" was found. Here is the log file: Code:
13:21:02.0478 1616 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:21:02.0649 1616 ============================================================
13:21:02.0649 1616 Current date / time: 2013/04/09 13:21:02.0649
13:21:02.0649 1616 SystemInfo:
13:21:02.0649 1616
13:21:02.0649 1616 OS Version: 6.1.7601 ServicePack: 1.0
13:21:02.0649 1616 Product type: Workstation
13:21:02.0649 1616 ComputerName: MANU-PC
13:21:02.0649 1616 UserName: Manu
13:21:02.0649 1616 Windows directory: C:\Windows
13:21:02.0649 1616 System windows directory: C:\Windows
13:21:02.0649 1616 Running under WOW64
13:21:02.0649 1616 Processor architecture: Intel x64
13:21:02.0649 1616 Number of processors: 4
13:21:02.0649 1616 Page size: 0x1000
13:21:02.0649 1616 Boot type: Normal boot
13:21:02.0649 1616 ============================================================
13:21:03.0149 1616 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:21:03.0149 1616 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:21:03.0159 1616 ============================================================
13:21:03.0159 1616 \Device\Harddisk0\DR0:
13:21:03.0159 1616 MBR partitions:
13:21:03.0159 1616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:21:03.0159 1616 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7528EEC
13:21:03.0179 1616 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x755B72B, BlocksNum 0x1900297E
13:21:03.0199 1616 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x2055E0E8, BlocksNum 0x541A78D9
13:21:03.0199 1616 \Device\Harddisk1\DR1:
13:21:03.0199 1616 MBR partitions:
13:21:03.0199 1616 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
13:21:03.0199 1616 ============================================================
13:21:03.0239 1616 C: <-> \Device\Harddisk0\DR0\Partition2
13:21:03.0269 1616 D: <-> \Device\Harddisk0\DR0\Partition3
13:21:03.0319 1616 E: <-> \Device\Harddisk0\DR0\Partition4
13:21:03.0329 1616 I: <-> \Device\Harddisk1\DR1\Partition1
13:21:03.0329 1616 ============================================================
13:21:03.0329 1616 Initialize success
13:21:03.0329 1616 ============================================================
13:21:14.0339 2084 ============================================================
13:21:14.0339 2084 Scan started
13:21:14.0339 2084 Mode: Manual;
13:21:14.0339 2084 ============================================================
13:21:14.0449 2084 ================ Scan system memory ========================
13:21:14.0449 2084 System memory - ok
13:21:14.0449 2084 ================ Scan services =============================
NativeWifiP - ok 13:21:20.0120 2084 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:21:20.0130 2084 NDIS - ok 13:21:20.0140 2084 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:21:20.0150 2084 NdisCap - ok 13:21:20.0150 2084 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:21:20.0150 2084 NdisTapi - ok 13:21:20.0150 2084 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:21:20.0160 2084 Ndisuio - ok 13:21:20.0160 2084 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:21:20.0160 2084 NdisWan - ok 13:21:20.0170 2084 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:21:20.0170 2084 NDProxy - ok 13:21:20.0170 2084 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:21:20.0180 2084 NetBIOS - ok 13:21:20.0180 2084 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:21:20.0180 2084 NetBT - ok 13:21:20.0190 2084 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 13:21:20.0190 2084 Netlogon - ok 13:21:20.0220 2084 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 13:21:20.0220 2084 Netman - ok 13:21:20.0240 2084 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:21:20.0250 2084 NetMsmqActivator - ok 13:21:20.0250 2084 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:21:20.0250 2084 NetPipeActivator - ok 13:21:20.0270 2084 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 13:21:20.0280 2084 netprofm - ok 13:21:20.0280 2084 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:21:20.0280 2084 NetTcpActivator - 
ok 13:21:20.0280 2084 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:21:20.0290 2084 NetTcpPortSharing - ok 13:21:20.0300 2084 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:21:20.0300 2084 nfrd960 - ok 13:21:20.0320 2084 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:21:20.0320 2084 NlaSvc - ok 13:21:20.0320 2084 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:21:20.0330 2084 Npfs - ok 13:21:20.0340 2084 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 13:21:20.0340 2084 nsi - ok 13:21:20.0350 2084 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:21:20.0350 2084 nsiproxy - ok 13:21:20.0390 2084 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:21:20.0440 2084 Ntfs - ok 13:21:20.0450 2084 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 13:21:20.0450 2084 Null - ok 13:21:20.0470 2084 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:21:20.0480 2084 nvraid - ok 13:21:20.0500 2084 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:21:20.0510 2084 nvstor - ok 13:21:20.0530 2084 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:21:20.0540 2084 nv_agp - ok 13:21:20.0540 2084 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:21:20.0550 2084 ohci1394 - ok 13:21:20.0600 2084 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:21:20.0610 2084 ose - ok 13:21:20.0720 2084 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:21:20.0790 2084 osppsvc - ok 13:21:20.0810 2084 [ 
3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:21:20.0810 2084 p2pimsvc - ok 13:21:20.0820 2084 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 13:21:20.0830 2084 p2psvc - ok 13:21:20.0830 2084 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 13:21:20.0840 2084 Parport - ok 13:21:20.0860 2084 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:21:20.0860 2084 partmgr - ok 13:21:20.0870 2084 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:21:20.0870 2084 PcaSvc - ok 13:21:20.0880 2084 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 13:21:20.0880 2084 pci - ok 13:21:20.0890 2084 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 13:21:20.0890 2084 pciide - ok 13:21:20.0900 2084 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:21:20.0900 2084 pcmcia - ok 13:21:20.0910 2084 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 13:21:20.0910 2084 pcw - ok 13:21:20.0910 2084 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:21:20.0920 2084 PEAUTH - ok 13:21:20.0950 2084 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 13:21:20.0970 2084 PeerDistSvc - ok 13:21:21.0030 2084 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:21:21.0040 2084 PerfHost - ok 13:21:21.0070 2084 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 13:21:21.0100 2084 pla - ok 13:21:21.0130 2084 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:21:21.0140 2084 PlugPlay - ok 13:21:21.0150 2084 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:21:21.0160 2084 PNRPAutoReg - ok 13:21:21.0170 2084 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc 
C:\Windows\system32\pnrpsvc.dll 13:21:21.0180 2084 PNRPsvc - ok 13:21:21.0210 2084 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:21:21.0220 2084 PolicyAgent - ok 13:21:21.0240 2084 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 13:21:21.0240 2084 Power - ok 13:21:21.0260 2084 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:21:21.0260 2084 PptpMiniport - ok 13:21:21.0270 2084 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 13:21:21.0280 2084 Processor - ok 13:21:21.0290 2084 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 13:21:21.0290 2084 ProfSvc - ok 13:21:21.0310 2084 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:21:21.0310 2084 ProtectedStorage - ok 13:21:21.0330 2084 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:21:21.0330 2084 Psched - ok 13:21:21.0370 2084 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:21:21.0390 2084 ql2300 - ok 13:21:21.0390 2084 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:21:21.0400 2084 ql40xx - ok 13:21:21.0400 2084 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 13:21:21.0410 2084 QWAVE - ok 13:21:21.0410 2084 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:21:21.0420 2084 QWAVEdrv - ok 13:21:21.0430 2084 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:21:21.0430 2084 RasAcd - ok 13:21:21.0450 2084 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:21:21.0450 2084 RasAgileVpn - ok 13:21:21.0450 2084 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 13:21:21.0460 2084 RasAuto - ok 13:21:21.0460 2084 [ 471815800AE33E6F1C32FB1B97C490CA 
] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:21:21.0460 2084 Rasl2tp - ok 13:21:21.0480 2084 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 13:21:21.0490 2084 RasMan - ok 13:21:21.0490 2084 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:21:21.0500 2084 RasPppoe - ok 13:21:21.0500 2084 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:21:21.0500 2084 RasSstp - ok 13:21:21.0510 2084 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:21:21.0510 2084 rdbss - ok 13:21:21.0520 2084 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:21:21.0520 2084 rdpbus - ok 13:21:21.0530 2084 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:21:21.0530 2084 RDPCDD - ok 13:21:21.0550 2084 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 13:21:21.0550 2084 RDPDR - ok 13:21:21.0570 2084 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:21:21.0570 2084 RDPENCDD - ok 13:21:21.0570 2084 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:21:21.0570 2084 RDPREFMP - ok 13:21:21.0610 2084 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 13:21:21.0620 2084 RdpVideoMiniport - ok 13:21:21.0650 2084 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:21:21.0650 2084 RDPWD - ok 13:21:21.0660 2084 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:21:21.0670 2084 rdyboost - ok 13:21:21.0700 2084 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:21:21.0710 2084 RemoteAccess - ok 13:21:21.0720 2084 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:21:21.0730 2084 RemoteRegistry - ok 
13:21:21.0740 2084 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:21:21.0750 2084 RpcEptMapper - ok 13:21:21.0770 2084 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 13:21:21.0770 2084 RpcLocator - ok 13:21:21.0780 2084 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 13:21:21.0780 2084 RpcSs - ok 13:21:21.0780 2084 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:21:21.0790 2084 rspndr - ok 13:21:21.0860 2084 [ 6FA271B6816AFFAEF640808FC51AC8AF ] RTCore64 D:\MSI Afterburner\RTCore64.sys 13:21:21.0870 2084 RTCore64 - ok 13:21:21.0900 2084 [ C435AC77704EB16E85C9D630F4D4B4F7 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 13:21:21.0910 2084 RTHDMIAzAudService - ok 13:21:21.0920 2084 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 13:21:21.0930 2084 s3cap - ok 13:21:21.0930 2084 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 13:21:21.0930 2084 SamSs - ok 13:21:21.0940 2084 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:21:21.0940 2084 sbp2port - ok 13:21:21.0950 2084 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:21:21.0950 2084 SCardSvr - ok 13:21:21.0960 2084 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:21:21.0970 2084 scfilter - ok 13:21:21.0990 2084 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 13:21:21.0990 2084 Schedule - ok 13:21:22.0010 2084 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:21:22.0020 2084 SCPolicySvc - ok 13:21:22.0020 2084 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:21:22.0020 2084 SDRSVC - ok 13:21:22.0040 2084 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:21:22.0040 2084 
secdrv - ok 13:21:22.0050 2084 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 13:21:22.0050 2084 seclogon - ok 13:21:22.0060 2084 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 13:21:22.0070 2084 SENS - ok 13:21:22.0070 2084 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:21:22.0070 2084 SensrSvc - ok 13:21:22.0080 2084 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:21:22.0080 2084 Serenum - ok 13:21:22.0090 2084 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:21:22.0090 2084 Serial - ok 13:21:22.0100 2084 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:21:22.0110 2084 sermouse - ok 13:21:22.0120 2084 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 13:21:22.0130 2084 SessionEnv - ok 13:21:22.0130 2084 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:21:22.0130 2084 sffdisk - ok 13:21:22.0130 2084 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:21:22.0130 2084 sffp_mmc - ok 13:21:22.0140 2084 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:21:22.0140 2084 sffp_sd - ok 13:21:22.0140 2084 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:21:22.0140 2084 sfloppy - ok 13:21:22.0180 2084 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:21:22.0190 2084 SharedAccess - ok 13:21:22.0210 2084 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:21:22.0210 2084 ShellHWDetection - ok 13:21:22.0210 2084 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 13:21:22.0210 2084 SiSRaid2 - ok 13:21:22.0220 2084 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 
C:\Windows\system32\drivers\sisraid4.sys 13:21:22.0220 2084 SiSRaid4 - ok 13:21:22.0220 2084 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:21:22.0230 2084 Smb - ok 13:21:22.0240 2084 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:21:22.0240 2084 SNMPTRAP - ok 13:21:22.0250 2084 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 13:21:22.0250 2084 spldr - ok 13:21:22.0280 2084 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 13:21:22.0290 2084 Spooler - ok 13:21:22.0360 2084 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 13:21:22.0390 2084 sppsvc - ok 13:21:22.0410 2084 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:21:22.0410 2084 sppuinotify - ok 13:21:22.0440 2084 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 13:21:22.0450 2084 srv - ok 13:21:22.0460 2084 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:21:22.0470 2084 srv2 - ok 13:21:22.0490 2084 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:21:22.0490 2084 srvnet - ok 13:21:22.0500 2084 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:21:22.0500 2084 SSDPSRV - ok 13:21:22.0510 2084 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:21:22.0510 2084 SstpSvc - ok 13:21:22.0550 2084 Steam Client Service - ok 13:21:22.0550 2084 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 13:21:22.0550 2084 stexstor - ok 13:21:22.0580 2084 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 13:21:22.0580 2084 stisvc - ok 13:21:22.0590 2084 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 13:21:22.0590 2084 storflt - ok 13:21:22.0610 2084 [ C40841817EF57D491F22EB103DA587CC ] 
StorSvc C:\Windows\system32\storsvc.dll 13:21:22.0620 2084 StorSvc - ok 13:21:22.0620 2084 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 13:21:22.0620 2084 storvsc - ok 13:21:22.0630 2084 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 13:21:22.0630 2084 swenum - ok 13:21:22.0650 2084 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 13:21:22.0650 2084 swprv - ok 13:21:22.0680 2084 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 13:21:22.0700 2084 SysMain - ok 13:21:22.0710 2084 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:21:22.0710 2084 TabletInputService - ok 13:21:22.0720 2084 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:21:22.0730 2084 TapiSrv - ok 13:21:22.0730 2084 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 13:21:22.0730 2084 TBS - ok 13:21:22.0760 2084 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:21:22.0790 2084 Tcpip - ok 13:21:22.0810 2084 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:21:22.0820 2084 TCPIP6 - ok 13:21:22.0840 2084 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:21:22.0850 2084 tcpipreg - ok 13:21:22.0860 2084 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:21:22.0860 2084 TDPIPE - ok 13:21:22.0880 2084 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:21:22.0880 2084 TDTCP - ok 13:21:22.0900 2084 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:21:22.0910 2084 tdx - ok 13:21:22.0910 2084 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:21:22.0920 2084 TermDD - ok 13:21:22.0940 2084 [ 2E648163254233755035B46DD7B89123 ] TermService 
C:\Windows\System32\termsrv.dll 13:21:22.0950 2084 TermService - ok 13:21:22.0960 2084 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 13:21:22.0960 2084 Themes - ok 13:21:22.0980 2084 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 13:21:22.0980 2084 THREADORDER - ok 13:21:22.0980 2084 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 13:21:22.0990 2084 TrkWks - ok 13:21:23.0010 2084 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:21:23.0010 2084 TrustedInstaller - ok 13:21:23.0020 2084 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:21:23.0020 2084 tssecsrv - ok 13:21:23.0040 2084 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:21:23.0050 2084 TsUsbFlt - ok 13:21:23.0080 2084 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 13:21:23.0080 2084 TsUsbGD - ok 13:21:23.0090 2084 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:21:23.0090 2084 tunnel - ok 13:21:23.0100 2084 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:21:23.0100 2084 uagp35 - ok 13:21:23.0110 2084 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:21:23.0110 2084 udfs - ok 13:21:23.0130 2084 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:21:23.0140 2084 UI0Detect - ok 13:21:23.0160 2084 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:21:23.0160 2084 uliagpkx - ok 13:21:23.0170 2084 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:21:23.0170 2084 umbus - ok 13:21:23.0170 2084 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 13:21:23.0170 2084 UmPass - ok 13:21:23.0180 2084 [ 
A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 13:21:23.0190 2084 UmRdpService - ok 13:21:23.0200 2084 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 13:21:23.0210 2084 upnphost - ok 13:21:23.0250 2084 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 13:21:23.0260 2084 USBAAPL64 - ok 13:21:23.0270 2084 usbbus - ok 13:21:23.0300 2084 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:21:23.0310 2084 usbccgp - ok 13:21:23.0310 2084 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:21:23.0320 2084 usbcir - ok 13:21:23.0320 2084 UsbDiag - ok 13:21:23.0330 2084 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 13:21:23.0340 2084 usbehci - ok 13:21:23.0350 2084 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:21:23.0360 2084 usbhub - ok 13:21:23.0360 2084 USBModem - ok 13:21:23.0380 2084 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:21:23.0380 2084 usbohci - ok 13:21:23.0390 2084 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:21:23.0390 2084 usbprint - ok 13:21:23.0430 2084 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:21:23.0430 2084 usbscan - ok 13:21:23.0440 2084 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:21:23.0440 2084 USBSTOR - ok 13:21:23.0440 2084 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 13:21:23.0450 2084 usbuhci - ok 13:21:23.0460 2084 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 13:21:23.0470 2084 UxSms - ok 13:21:23.0480 2084 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 13:21:23.0480 2084 VaultSvc - ok 13:21:23.0480 2084 [ 
C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:21:23.0480 2084 vdrvroot - ok 13:21:23.0500 2084 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 13:21:23.0510 2084 vds - ok 13:21:23.0510 2084 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:21:23.0520 2084 vga - ok 13:21:23.0520 2084 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 13:21:23.0520 2084 VgaSave - ok 13:21:23.0520 2084 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:21:23.0530 2084 vhdmp - ok 13:21:23.0570 2084 [ 6BBD1072E94167A1C1F33CC66B0DF861 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 13:21:23.0580 2084 VIAHdAudAddService - ok 13:21:23.0580 2084 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 13:21:23.0590 2084 viaide - ok 13:21:23.0600 2084 [ 6B34F3220E4AE5D77BD42CEA94EB3892 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe 13:21:23.0600 2084 VIAKaraokeService - ok 13:21:23.0620 2084 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 13:21:23.0630 2084 vmbus - ok 13:21:23.0640 2084 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 13:21:23.0640 2084 VMBusHID - ok 13:21:23.0650 2084 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:21:23.0650 2084 volmgr - ok 13:21:23.0660 2084 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:21:23.0660 2084 volmgrx - ok 13:21:23.0660 2084 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:21:23.0670 2084 volsnap - ok 13:21:23.0670 2084 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:21:23.0680 2084 vsmraid - ok 13:21:23.0700 2084 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 13:21:23.0710 2084 VSS - ok 
13:21:23.0720 2084 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 13:21:23.0720 2084 vwifibus - ok 13:21:23.0750 2084 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 13:21:23.0750 2084 W32Time - ok 13:21:23.0760 2084 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:21:23.0770 2084 WacomPen - ok 13:21:23.0770 2084 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:21:23.0780 2084 WANARP - ok 13:21:23.0780 2084 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:21:23.0780 2084 Wanarpv6 - ok 13:21:23.0810 2084 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 13:21:23.0830 2084 wbengine - ok 13:21:23.0840 2084 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:21:23.0840 2084 WbioSrvc - ok 13:21:23.0860 2084 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:21:23.0870 2084 wcncsvc - ok 13:21:23.0870 2084 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:21:23.0880 2084 WcsPlugInService - ok 13:21:23.0880 2084 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 13:21:23.0880 2084 Wd - ok 13:21:23.0890 2084 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:21:23.0900 2084 Wdf01000 - ok 13:21:23.0910 2084 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:21:23.0910 2084 WdiServiceHost - ok 13:21:23.0910 2084 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:21:23.0910 2084 WdiSystemHost - ok 13:21:23.0910 2084 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 13:21:23.0920 2084 WebClient - ok 13:21:23.0930 2084 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:21:23.0940 2084 
Wecsvc - ok 13:21:23.0950 2084 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:21:23.0950 2084 wercplsupport - ok 13:21:23.0960 2084 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:21:23.0960 2084 WerSvc - ok 13:21:23.0970 2084 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:21:23.0970 2084 WfpLwf - ok 13:21:23.0970 2084 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:21:23.0980 2084 WIMMount - ok 13:21:23.0990 2084 WinDefend - ok 13:21:23.0990 2084 WinHttpAutoProxySvc - ok 13:21:24.0020 2084 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:21:24.0020 2084 Winmgmt - ok 13:21:24.0060 2084 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 13:21:24.0110 2084 WinRM - ok 13:21:24.0130 2084 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 13:21:24.0150 2084 Wlansvc - ok 13:21:24.0150 2084 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:21:24.0150 2084 WmiAcpi - ok 13:21:24.0170 2084 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:21:24.0170 2084 wmiApSrv - ok 13:21:24.0180 2084 WMPNetworkSvc - ok 13:21:24.0190 2084 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:21:24.0200 2084 WPCSvc - ok 13:21:24.0210 2084 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:21:24.0220 2084 WPDBusEnum - ok 13:21:24.0220 2084 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:21:24.0220 2084 ws2ifsl - ok 13:21:24.0230 2084 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 13:21:24.0240 2084 wscsvc - ok 13:21:24.0240 2084 WSearch - ok 13:21:24.0290 2084 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 13:21:24.0320 2084 
wuauserv - ok
13:21:24.0330 2084 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:21:24.0340 2084 WudfPf - ok
13:21:24.0360 2084 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:21:24.0370 2084 WUDFRd - ok
13:21:24.0400 2084 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:21:24.0400 2084 wudfsvc - ok
13:21:24.0410 2084 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:21:24.0420 2084 WwanSvc - ok
13:21:24.0430 2084 ================ Scan global ===============================
13:21:24.0450 2084 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:21:24.0470 2084 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:21:24.0470 2084 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:21:24.0480 2084 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:21:24.0500 2084 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:21:24.0510 2084 [Global] - ok
13:21:24.0510 2084 ================ Scan MBR ==================================
13:21:24.0540 2084 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:21:24.0670 2084 \Device\Harddisk0\DR0 - ok
13:21:24.0670 2084 [ 3DFBD33517922022AAB2367021B4BBEC ] \Device\Harddisk1\DR1
13:21:24.0670 2084 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
13:21:24.0670 2084 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
13:21:24.0670 2084 ================ Scan VBR ==================================
13:21:24.0950 2084 [ A75CFC6E1FDFBAEE7262F0DCA6E10EC5 ] \Device\Harddisk0\DR0\Partition1
13:21:24.0950 2084 \Device\Harddisk0\DR0\Partition1 - ok
13:21:24.0960 2084 [ A55FB4813D5CC737A1C872028EB716E1 ] \Device\Harddisk0\DR0\Partition2
13:21:24.0960 2084 \Device\Harddisk0\DR0\Partition2 - ok
13:21:24.0980 2084 [ A2475E0CC9C87A4B144A9792798CA1D1 ] \Device\Harddisk0\DR0\Partition3
13:21:24.0980 2084 \Device\Harddisk0\DR0\Partition3 - ok
13:21:24.0990 2084 [ C97506C89400F80D4344D52B42E7D8B1 ] \Device\Harddisk0\DR0\Partition4
13:21:24.0990 2084 \Device\Harddisk0\DR0\Partition4 - ok
13:21:24.0990 2084 [ AF09F3106187641F5EF1D63EA1EB6518 ] \Device\Harddisk1\DR1\Partition1
13:21:25.0000 2084 \Device\Harddisk1\DR1\Partition1 - ok
13:21:25.0000 2084 ============================================================
13:21:25.0000 2084 Scan finished
13:21:25.0000 2084 ============================================================
13:21:25.0000 4360 Detected object count: 1
13:21:25.0000 4360 Actual detected object count: 1
13:21:40.0522 4360 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - skipped by user
13:21:40.0522 4360 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
13:21:51.0313 2988 Deinitialize success |
09.04.2013, 12:30 | #4 |
/// TB Trainer | BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''
Hi Manuel, so there's our Whistler..
Step 1 Please start TDSSkiller.exe. Vista and Win7 users: right-click and choose "Run as administrator".
Step 2 Warning for other readers: Combofix should only be run when a team member has explicitly instructed it! Please download Combofix.
Note: If you receive the following error message after the restart Quote:
Step 3 Please start OTL.exe.
Please post in your next reply:
__________________ cheers, Leo |
09.04.2013, 12:57 | #5 |
| BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''
Hey, in step 1 the following message appears after I press continue (cure selected). s14.directupload.net/images/130409/ptzw7ilx.jpg Just press Yes? I'd rather not do anything wrong, so I'm asking! |
09.04.2013, 13:20 | #6 |
/// TB Trainer | BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''
Yep, go right ahead.
|
09.04.2013, 13:52 | #7 |
| BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''
Hey, the 3 logs are too long for one post. I hope it's OK to make a double post here. TDSSKiller: Code:
ATTFilter
13:53:31.0893 2712 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:53:32.0036 2712 ============================================================
13:53:32.0036 2712 Current date / time: 2013/04/09 13:53:32.0036
13:53:32.0036 2712 SystemInfo:
13:53:32.0036 2712
13:53:32.0036 2712 OS Version: 6.1.7601 ServicePack: 1.0
13:53:32.0036 2712 Product type: Workstation
13:53:32.0036 2712 ComputerName: MANU-PC
13:53:32.0037 2712 UserName: Manu
13:53:32.0037 2712 Windows directory: C:\Windows
13:53:32.0037 2712 System windows directory: C:\Windows
13:53:32.0037 2712 Running under WOW64
13:53:32.0037 2712 Processor architecture: Intel x64
13:53:32.0037 2712 Number of processors: 4
13:53:32.0037 2712 Page size: 0x1000
13:53:32.0037 2712 Boot type: Normal boot
13:53:32.0037 2712 ============================================================
13:53:32.0308 2712 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:53:32.0310 2712 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:53:32.0328 2712 ============================================================
13:53:32.0328 2712 \Device\Harddisk0\DR0:
13:53:32.0328 2712 MBR partitions:
13:53:32.0328 2712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:53:32.0328 2712 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7528EEC
13:53:32.0336 2712 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x755B72B, BlocksNum 0x1900297E
13:53:32.0345 2712 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x2055E0E8, BlocksNum 0x541A78D9
13:53:32.0345 2712 \Device\Harddisk1\DR1:
13:53:32.0345 2712 MBR partitions:
13:53:32.0345 2712 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
13:53:32.0345 2712 ============================================================
13:53:32.0380 2712 C: <-> \Device\Harddisk0\DR0\Partition2
13:53:32.0401 2712 D: <-> \Device\Harddisk0\DR0\Partition3
13:53:32.0453 2712 E: <-> \Device\Harddisk0\DR0\Partition4
13:53:32.0463 2712 I: <-> \Device\Harddisk1\DR1\Partition1
13:53:32.0463 2712 ============================================================
13:53:32.0463 2712 Initialize success
13:53:32.0463 2712 ============================================================
13:53:37.0921 4708 ============================================================
13:53:37.0921 4708 Scan started
13:53:37.0921 4708 Mode: Manual;
13:53:37.0921 4708 ============================================================
13:53:38.0115 4708 ================ Scan system memory ========================
13:53:38.0115 4708 System memory - ok
13:53:38.0115 4708 ================ Scan services =============================
13:53:38.0196 4708 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:53:38.0199 4708 1394ohci - ok
13:53:38.0214 4708 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:53:38.0217 4708 ACPI - ok
13:53:38.0221 4708 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:53:38.0221 4708 AcpiPmi - ok
13:53:38.0288 4708 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:53:38.0289 4708 AdobeARMservice - ok
13:53:38.0375 4708 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:53:38.0378 4708 AdobeFlashPlayerUpdateSvc - ok
13:53:38.0396 4708 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:53:38.0400 4708 adp94xx - ok
13:53:38.0407 4708 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:53:38.0409 4708 adpahci - ok
13:53:38.0427 4708
NativeWifiP - ok 13:53:42.0854 4708 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:53:42.0862 4708 NDIS - ok 13:53:42.0869 4708 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:53:42.0870 4708 NdisCap - ok 13:53:42.0874 4708 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:53:42.0875 4708 NdisTapi - ok 13:53:42.0878 4708 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:53:42.0879 4708 Ndisuio - ok 13:53:42.0882 4708 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:53:42.0883 4708 NdisWan - ok 13:53:42.0886 4708 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:53:42.0886 4708 NDProxy - ok 13:53:42.0889 4708 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:53:42.0889 4708 NetBIOS - ok 13:53:42.0893 4708 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:53:42.0895 4708 NetBT - ok 13:53:42.0904 4708 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 13:53:42.0905 4708 Netlogon - ok 13:53:42.0923 4708 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 13:53:42.0925 4708 Netman - ok 13:53:42.0948 4708 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:53:42.0950 4708 NetMsmqActivator - ok 13:53:42.0954 4708 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:53:42.0956 4708 NetPipeActivator - ok 13:53:42.0979 4708 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 13:53:42.0983 4708 netprofm - ok 13:53:42.0988 4708 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:53:42.0990 4708 NetTcpActivator - 
ok 13:53:42.0994 4708 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:53:42.0995 4708 NetTcpPortSharing - ok 13:53:42.0999 4708 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:53:43.0000 4708 nfrd960 - ok 13:53:43.0011 4708 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:53:43.0014 4708 NlaSvc - ok 13:53:43.0018 4708 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:53:43.0018 4708 Npfs - ok 13:53:43.0029 4708 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 13:53:43.0030 4708 nsi - ok 13:53:43.0038 4708 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:53:43.0038 4708 nsiproxy - ok 13:53:43.0075 4708 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:53:43.0083 4708 Ntfs - ok 13:53:43.0096 4708 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 13:53:43.0096 4708 Null - ok 13:53:43.0106 4708 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:53:43.0107 4708 nvraid - ok 13:53:43.0137 4708 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:53:43.0139 4708 nvstor - ok 13:53:43.0157 4708 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:53:43.0158 4708 nv_agp - ok 13:53:43.0162 4708 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:53:43.0163 4708 ohci1394 - ok 13:53:43.0217 4708 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:53:43.0218 4708 ose - ok 13:53:43.0332 4708 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:53:43.0351 4708 osppsvc - ok 13:53:43.0366 4708 [ 
3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:53:43.0368 4708 p2pimsvc - ok 13:53:43.0382 4708 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 13:53:43.0384 4708 p2psvc - ok 13:53:43.0387 4708 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 13:53:43.0388 4708 Parport - ok 13:53:43.0414 4708 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:53:43.0415 4708 partmgr - ok 13:53:43.0427 4708 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:53:43.0430 4708 PcaSvc - ok 13:53:43.0442 4708 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 13:53:43.0444 4708 pci - ok 13:53:43.0450 4708 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 13:53:43.0451 4708 pciide - ok 13:53:43.0456 4708 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:53:43.0457 4708 pcmcia - ok 13:53:43.0461 4708 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 13:53:43.0461 4708 pcw - ok 13:53:43.0469 4708 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:53:43.0473 4708 PEAUTH - ok 13:53:43.0498 4708 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 13:53:43.0504 4708 PeerDistSvc - ok 13:53:43.0567 4708 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:53:43.0569 4708 PerfHost - ok 13:53:43.0599 4708 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 13:53:43.0608 4708 pla - ok 13:53:43.0635 4708 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:53:43.0639 4708 PlugPlay - ok 13:53:43.0647 4708 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:53:43.0649 4708 PNRPAutoReg - ok 13:53:43.0667 4708 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc 
C:\Windows\system32\pnrpsvc.dll 13:53:43.0670 4708 PNRPsvc - ok 13:53:43.0699 4708 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:53:43.0703 4708 PolicyAgent - ok 13:53:43.0721 4708 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 13:53:43.0724 4708 Power - ok 13:53:43.0737 4708 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:53:43.0738 4708 PptpMiniport - ok 13:53:43.0752 4708 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 13:53:43.0753 4708 Processor - ok 13:53:43.0773 4708 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 13:53:43.0775 4708 ProfSvc - ok 13:53:43.0793 4708 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:53:43.0794 4708 ProtectedStorage - ok 13:53:43.0807 4708 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:53:43.0808 4708 Psched - ok 13:53:43.0829 4708 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:53:43.0836 4708 ql2300 - ok 13:53:43.0840 4708 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:53:43.0841 4708 ql40xx - ok 13:53:43.0851 4708 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 13:53:43.0854 4708 QWAVE - ok 13:53:43.0856 4708 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:53:43.0857 4708 QWAVEdrv - ok 13:53:43.0863 4708 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:53:43.0864 4708 RasAcd - ok 13:53:43.0871 4708 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:53:43.0872 4708 RasAgileVpn - ok 13:53:43.0875 4708 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 13:53:43.0876 4708 RasAuto - ok 13:53:43.0879 4708 [ 471815800AE33E6F1C32FB1B97C490CA 
] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:53:43.0880 4708 Rasl2tp - ok 13:53:43.0896 4708 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 13:53:43.0898 4708 RasMan - ok 13:53:43.0900 4708 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:53:43.0901 4708 RasPppoe - ok 13:53:43.0903 4708 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:53:43.0904 4708 RasSstp - ok 13:53:43.0908 4708 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:53:43.0909 4708 rdbss - ok 13:53:43.0922 4708 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:53:43.0922 4708 rdpbus - ok 13:53:43.0934 4708 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:53:43.0935 4708 RDPCDD - ok 13:53:43.0950 4708 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 13:53:43.0951 4708 RDPDR - ok 13:53:43.0972 4708 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:53:43.0972 4708 RDPENCDD - ok 13:53:43.0978 4708 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:53:43.0979 4708 RDPREFMP - ok 13:53:44.0027 4708 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 13:53:44.0027 4708 RdpVideoMiniport - ok 13:53:44.0060 4708 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:53:44.0062 4708 RDPWD - ok 13:53:44.0068 4708 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:53:44.0070 4708 rdyboost - ok 13:53:44.0102 4708 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:53:44.0104 4708 RemoteAccess - ok 13:53:44.0112 4708 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:53:44.0115 4708 RemoteRegistry - ok 
13:53:44.0136 4708 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:53:44.0138 4708 RpcEptMapper - ok 13:53:44.0157 4708 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 13:53:44.0159 4708 RpcLocator - ok 13:53:44.0182 4708 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 13:53:44.0186 4708 RpcSs - ok 13:53:44.0190 4708 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:53:44.0191 4708 rspndr - ok 13:53:44.0267 4708 [ 6FA271B6816AFFAEF640808FC51AC8AF ] RTCore64 D:\MSI Afterburner\RTCore64.sys 13:53:44.0268 4708 RTCore64 - ok 13:53:44.0298 4708 [ C435AC77704EB16E85C9D630F4D4B4F7 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 13:53:44.0301 4708 RTHDMIAzAudService - ok 13:53:44.0315 4708 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 13:53:44.0316 4708 s3cap - ok 13:53:44.0319 4708 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 13:53:44.0320 4708 SamSs - ok 13:53:44.0324 4708 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:53:44.0325 4708 sbp2port - ok 13:53:44.0329 4708 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:53:44.0332 4708 SCardSvr - ok 13:53:44.0343 4708 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:53:44.0344 4708 scfilter - ok 13:53:44.0368 4708 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 13:53:44.0375 4708 Schedule - ok 13:53:44.0396 4708 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:53:44.0396 4708 SCPolicySvc - ok 13:53:44.0400 4708 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:53:44.0403 4708 SDRSVC - ok 13:53:44.0416 4708 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:53:44.0417 4708 
secdrv - ok 13:53:44.0423 4708 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 13:53:44.0424 4708 seclogon - ok 13:53:44.0434 4708 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 13:53:44.0435 4708 SENS - ok 13:53:44.0437 4708 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:53:44.0439 4708 SensrSvc - ok 13:53:44.0451 4708 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:53:44.0451 4708 Serenum - ok 13:53:44.0454 4708 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:53:44.0455 4708 Serial - ok 13:53:44.0463 4708 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:53:44.0463 4708 sermouse - ok 13:53:44.0480 4708 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 13:53:44.0481 4708 SessionEnv - ok 13:53:44.0483 4708 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:53:44.0484 4708 sffdisk - ok 13:53:44.0485 4708 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:53:44.0486 4708 sffp_mmc - ok 13:53:44.0488 4708 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:53:44.0488 4708 sffp_sd - ok 13:53:44.0490 4708 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:53:44.0491 4708 sfloppy - ok 13:53:44.0523 4708 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:53:44.0524 4708 SharedAccess - ok 13:53:44.0543 4708 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:53:44.0547 4708 ShellHWDetection - ok 13:53:44.0552 4708 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 13:53:44.0553 4708 SiSRaid2 - ok 13:53:44.0557 4708 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 
C:\Windows\system32\drivers\sisraid4.sys 13:53:44.0558 4708 SiSRaid4 - ok 13:53:44.0561 4708 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:53:44.0562 4708 Smb - ok 13:53:44.0572 4708 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:53:44.0574 4708 SNMPTRAP - ok 13:53:44.0584 4708 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 13:53:44.0585 4708 spldr - ok 13:53:44.0615 4708 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 13:53:44.0621 4708 Spooler - ok 13:53:44.0674 4708 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 13:53:44.0687 4708 sppsvc - ok 13:53:44.0700 4708 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:53:44.0701 4708 sppuinotify - ok 13:53:44.0721 4708 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 13:53:44.0723 4708 srv - ok 13:53:44.0741 4708 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:53:44.0744 4708 srv2 - ok 13:53:44.0758 4708 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:53:44.0760 4708 srvnet - ok 13:53:44.0770 4708 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:53:44.0773 4708 SSDPSRV - ok 13:53:44.0780 4708 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:53:44.0782 4708 SstpSvc - ok 13:53:44.0819 4708 Steam Client Service - ok 13:53:44.0823 4708 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 13:53:44.0824 4708 stexstor - ok 13:53:44.0858 4708 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 13:53:44.0864 4708 stisvc - ok 13:53:44.0880 4708 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 13:53:44.0881 4708 storflt - ok 13:53:44.0906 4708 [ C40841817EF57D491F22EB103DA587CC ] 
StorSvc C:\Windows\system32\storsvc.dll 13:53:44.0908 4708 StorSvc - ok 13:53:44.0911 4708 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 13:53:44.0912 4708 storvsc - ok 13:53:44.0922 4708 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 13:53:44.0923 4708 swenum - ok 13:53:44.0939 4708 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 13:53:44.0944 4708 swprv - ok 13:53:44.0977 4708 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 13:53:44.0987 4708 SysMain - ok 13:53:45.0001 4708 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:53:45.0003 4708 TabletInputService - ok 13:53:45.0012 4708 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:53:45.0015 4708 TapiSrv - ok 13:53:45.0031 4708 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 13:53:45.0032 4708 TBS - ok 13:53:45.0069 4708 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:53:45.0083 4708 Tcpip - ok 13:53:45.0112 4708 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:53:45.0119 4708 TCPIP6 - ok 13:53:45.0134 4708 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:53:45.0135 4708 tcpipreg - ok 13:53:45.0141 4708 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:53:45.0142 4708 TDPIPE - ok 13:53:45.0159 4708 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:53:45.0160 4708 TDTCP - ok 13:53:45.0170 4708 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:53:45.0172 4708 tdx - ok 13:53:45.0176 4708 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:53:45.0177 4708 TermDD - ok 13:53:45.0195 4708 [ 2E648163254233755035B46DD7B89123 ] TermService 
C:\Windows\System32\termsrv.dll 13:53:45.0201 4708 TermService - ok 13:53:45.0210 4708 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 13:53:45.0212 4708 Themes - ok 13:53:45.0224 4708 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 13:53:45.0225 4708 THREADORDER - ok 13:53:45.0228 4708 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 13:53:45.0230 4708 TrkWks - ok 13:53:45.0258 4708 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:53:45.0259 4708 TrustedInstaller - ok 13:53:45.0263 4708 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:53:45.0263 4708 tssecsrv - ok 13:53:45.0278 4708 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:53:45.0278 4708 TsUsbFlt - ok 13:53:45.0302 4708 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 13:53:45.0302 4708 TsUsbGD - ok 13:53:45.0305 4708 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:53:45.0306 4708 tunnel - ok 13:53:45.0310 4708 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:53:45.0311 4708 uagp35 - ok 13:53:45.0318 4708 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:53:45.0321 4708 udfs - ok 13:53:45.0334 4708 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:53:45.0336 4708 UI0Detect - ok 13:53:45.0352 4708 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:53:45.0352 4708 uliagpkx - ok 13:53:45.0355 4708 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:53:45.0356 4708 umbus - ok 13:53:45.0363 4708 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 13:53:45.0364 4708 UmPass - ok 13:53:45.0374 4708 [ 
A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 13:53:45.0376 4708 UmRdpService - ok 13:53:45.0394 4708 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 13:53:45.0396 4708 upnphost - ok 13:53:45.0431 4708 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 13:53:45.0432 4708 USBAAPL64 - ok 13:53:45.0440 4708 usbbus - ok 13:53:45.0470 4708 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:53:45.0472 4708 usbccgp - ok 13:53:45.0476 4708 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:53:45.0478 4708 usbcir - ok 13:53:45.0481 4708 UsbDiag - ok 13:53:45.0490 4708 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 13:53:45.0491 4708 usbehci - ok 13:53:45.0507 4708 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:53:45.0510 4708 usbhub - ok 13:53:45.0513 4708 USBModem - ok 13:53:45.0524 4708 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:53:45.0524 4708 usbohci - ok 13:53:45.0535 4708 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:53:45.0536 4708 usbprint - ok 13:53:45.0574 4708 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:53:45.0575 4708 usbscan - ok 13:53:45.0586 4708 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:53:45.0588 4708 USBSTOR - ok 13:53:45.0592 4708 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 13:53:45.0593 4708 usbuhci - ok 13:53:45.0610 4708 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 13:53:45.0612 4708 UxSms - ok 13:53:45.0626 4708 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 13:53:45.0627 4708 VaultSvc - ok 13:53:45.0631 4708 [ 
C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:53:45.0631 4708 vdrvroot - ok 13:53:45.0651 4708 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 13:53:45.0656 4708 vds - ok 13:53:45.0660 4708 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:53:45.0660 4708 vga - ok 13:53:45.0663 4708 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 13:53:45.0664 4708 VgaSave - ok 13:53:45.0668 4708 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:53:45.0670 4708 vhdmp - ok 13:53:45.0746 4708 [ 6BBD1072E94167A1C1F33CC66B0DF861 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 13:53:45.0759 4708 VIAHdAudAddService - ok 13:53:45.0761 4708 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 13:53:45.0762 4708 viaide - ok 13:53:45.0781 4708 [ 6B34F3220E4AE5D77BD42CEA94EB3892 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe 13:53:45.0783 4708 VIAKaraokeService - ok 13:53:45.0793 4708 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 13:53:45.0794 4708 vmbus - ok 13:53:45.0809 4708 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 13:53:45.0809 4708 VMBusHID - ok 13:53:45.0812 4708 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:53:45.0812 4708 volmgr - ok 13:53:45.0816 4708 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:53:45.0818 4708 volmgrx - ok 13:53:45.0822 4708 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:53:45.0823 4708 volsnap - ok 13:53:45.0826 4708 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:53:45.0827 4708 vsmraid - ok 13:53:45.0858 4708 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 13:53:45.0864 4708 VSS - ok 
13:53:45.0866 4708 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 13:53:45.0867 4708 vwifibus - ok 13:53:45.0882 4708 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 13:53:45.0884 4708 W32Time - ok 13:53:45.0900 4708 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:53:45.0900 4708 WacomPen - ok 13:53:45.0903 4708 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:53:45.0903 4708 WANARP - ok 13:53:45.0905 4708 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:53:45.0906 4708 Wanarpv6 - ok 13:53:45.0931 4708 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 13:53:45.0937 4708 wbengine - ok 13:53:45.0951 4708 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:53:45.0953 4708 WbioSrvc - ok 13:53:45.0964 4708 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:53:45.0966 4708 wcncsvc - ok 13:53:45.0977 4708 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:53:45.0978 4708 WcsPlugInService - ok 13:53:45.0980 4708 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 13:53:45.0980 4708 Wd - ok 13:53:45.0987 4708 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:53:45.0990 4708 Wdf01000 - ok 13:53:45.0999 4708 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:53:46.0001 4708 WdiServiceHost - ok 13:53:46.0002 4708 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:53:46.0004 4708 WdiSystemHost - ok 13:53:46.0007 4708 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 13:53:46.0009 4708 WebClient - ok 13:53:46.0016 4708 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:53:46.0017 4708 
Wecsvc - ok 13:53:46.0026 4708 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:53:46.0027 4708 wercplsupport - ok 13:53:46.0050 4708 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:53:46.0051 4708 WerSvc - ok 13:53:46.0061 4708 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:53:46.0062 4708 WfpLwf - ok 13:53:46.0064 4708 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:53:46.0064 4708 WIMMount - ok 13:53:46.0070 4708 WinDefend - ok 13:53:46.0074 4708 WinHttpAutoProxySvc - ok 13:53:46.0104 4708 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:53:46.0105 4708 Winmgmt - ok 13:53:46.0147 4708 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 13:53:46.0156 4708 WinRM - ok 13:53:46.0194 4708 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 13:53:46.0198 4708 Wlansvc - ok 13:53:46.0200 4708 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:53:46.0201 4708 WmiAcpi - ok 13:53:46.0213 4708 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:53:46.0214 4708 wmiApSrv - ok 13:53:46.0227 4708 WMPNetworkSvc - ok 13:53:46.0241 4708 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:53:46.0243 4708 WPCSvc - ok 13:53:46.0258 4708 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:53:46.0261 4708 WPDBusEnum - ok 13:53:46.0264 4708 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:53:46.0265 4708 ws2ifsl - ok 13:53:46.0281 4708 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 13:53:46.0284 4708 wscsvc - ok 13:53:46.0287 4708 WSearch - ok 13:53:46.0347 4708 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 13:53:46.0360 4708 
wuauserv - ok 13:53:46.0370 4708 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:53:46.0371 4708 WudfPf - ok 13:53:46.0389 4708 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:53:46.0390 4708 WUDFRd - ok 13:53:46.0411 4708 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:53:46.0412 4708 wudfsvc - ok 13:53:46.0425 4708 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 13:53:46.0426 4708 WwanSvc - ok 13:53:46.0435 4708 ================ Scan global =============================== 13:53:46.0449 4708 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 13:53:46.0463 4708 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 13:53:46.0470 4708 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 13:53:46.0486 4708 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 13:53:46.0517 4708 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 13:53:46.0521 4708 [Global] - ok 13:53:46.0522 4708 ================ Scan MBR ================================== 13:53:46.0553 4708 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:53:46.0704 4708 \Device\Harddisk0\DR0 - ok 13:53:46.0707 4708 [ 3DFBD33517922022AAB2367021B4BBEC ] \Device\Harddisk1\DR1 13:53:46.0709 4708 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected 13:53:46.0709 4708 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0) 13:53:46.0709 4708 ================ Scan VBR ================================== 13:53:46.0711 4708 [ A75CFC6E1FDFBAEE7262F0DCA6E10EC5 ] \Device\Harddisk0\DR0\Partition1 13:53:46.0713 4708 \Device\Harddisk0\DR0\Partition1 - ok 13:53:46.0722 4708 [ A55FB4813D5CC737A1C872028EB716E1 ] \Device\Harddisk0\DR0\Partition2 13:53:46.0724 4708 \Device\Harddisk0\DR0\Partition2 - ok 13:53:46.0735 4708 [ A2475E0CC9C87A4B144A9792798CA1D1 ] \Device\Harddisk0\DR0\Partition3 
13:53:46.0736 4708 \Device\Harddisk0\DR0\Partition3 - ok
13:53:46.0750 4708 [ C97506C89400F80D4344D52B42E7D8B1 ] \Device\Harddisk0\DR0\Partition4
13:53:46.0752 4708 \Device\Harddisk0\DR0\Partition4 - ok
13:53:46.0754 4708 [ AF09F3106187641F5EF1D63EA1EB6518 ] \Device\Harddisk1\DR1\Partition1
13:53:46.0755 4708 \Device\Harddisk1\DR1\Partition1 - ok
13:53:46.0756 4708 ============================================================
13:53:46.0756 4708 Scan finished
13:53:46.0756 4708 ============================================================
13:53:46.0762 2716 Detected object count: 1
13:53:46.0762 2716 Actual detected object count: 1
13:54:09.0937 2716 \Device\Harddisk1\DR1\# - copied to quarantine
13:54:09.0937 2716 \Device\Harddisk1\DR1 - copied to quarantine
13:54:09.0938 2716 \Device\Harddisk1\DR1 - processing error
13:54:53.0119 2716 \Device\Harddisk1\DR1 - restored
13:54:53.0119 2716 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Cure Restore
13:55:02.0594 4652 Deinitialize success
Code:
ATTFilter ComboFix 13-04-08.04 - Manu 09.04.2013 14:33:34.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8150.6162 [GMT 2:00] ausgeführt von:: c:\users\Manu\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-09 bis 2013-04-09 )))))))))))))))))))))))))))))) . . 2013-04-09 12:36 . 2013-04-09 12:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-09 11:54 . 2013-04-09 11:54 -------- d-----w- C:\TDSSKiller_Quarantine 2013-04-09 11:26 . 2013-03-19 03:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2E800CF-CC09-4268-9786-7EB8807801CC}\mpengine.dll 2013-04-07 22:12 . 2013-04-07 22:12 -------- d-----w- c:\program files\Microsoft Sync Framework 2013-04-03 01:41 . 2013-04-03 01:41 -------- d-----w- c:\program files (x86)\AMD 2013-04-02 23:14 . 2013-04-03 10:38 -------- d-----w- c:\program files (x86)\Common Files\Steam 2013-04-01 13:37 . 2013-04-01 13:37 -------- d-----w- c:\programdata\Trymedia 2013-04-01 13:30 . 2005-07-22 17:59 3807440 ----a-w- c:\windows\system32\d3dx9_27.dll 2013-04-01 11:47 . 2013-04-01 11:47 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-04-01 02:16 . 2013-04-01 02:16 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services 2013-04-01 02:16 . 2013-04-01 02:16 -------- d-----w- c:\windows\PCHEALTH 2013-04-01 02:16 . 2013-04-01 02:16 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2013-04-01 02:14 . 2013-04-01 02:14 -------- d-----w- c:\program files\Microsoft Office 2013-04-01 02:14 . 2013-04-01 02:14 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2013-04-01 02:13 . 
2013-04-01 12:11 -------- d-----w- c:\programdata\Microsoft Help 2013-03-31 23:37 . 2013-03-31 23:37 -------- d-----w- c:\programdata\ATI 2013-03-31 23:37 . 2013-03-31 23:37 -------- d-----w- c:\programdata\AMD 2013-03-31 23:37 . 2013-03-31 23:37 -------- d-----w- c:\program files (x86)\AMD AVT 2013-03-31 23:37 . 2013-03-31 23:37 -------- d-----w- c:\program files (x86)\AMD APP 2013-03-31 23:37 . 2013-03-31 23:37 -------- d-----w- c:\program files\Common Files\ATI Technologies 2013-03-31 23:37 . 2013-03-31 23:37 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2013-03-31 23:36 . 2013-03-31 23:36 -------- d-----w- c:\program files (x86)\ATI Technologies 2013-03-31 23:29 . 2013-03-31 23:29 -------- d-----w- c:\program files\ATI 2013-03-31 23:10 . 2013-03-31 23:10 -------- dc----w- c:\windows\system32\DRVSTORE 2013-03-31 23:10 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2013-03-31 23:10 . 2013-03-31 23:10 -------- d-----w- c:\program files\iTunes 2013-03-31 23:10 . 2013-03-31 23:10 -------- d-----w- c:\programdata\Apple Computer 2013-03-31 23:10 . 2013-03-31 23:10 -------- d-----w- c:\program files\iPod 2013-03-31 23:09 . 2013-03-31 23:09 -------- d-----w- c:\program files (x86)\Apple Software Update 2013-03-31 23:09 . 2013-03-31 23:09 -------- d-----w- c:\program files\Common Files\Apple 2013-03-31 23:09 . 2013-03-31 23:09 -------- d-----w- c:\program files\Bonjour 2013-03-31 23:09 . 2013-03-31 23:09 -------- d-----w- c:\program files (x86)\Bonjour 2013-03-31 23:09 . 2013-03-31 23:10 -------- d-----w- c:\program files (x86)\Common Files\Apple 2013-03-31 23:09 . 2013-03-31 23:09 -------- d-----w- c:\programdata\Apple 2013-03-31 22:30 . 2013-03-31 22:30 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-03-31 22:30 . 2013-03-31 22:31 -------- d-----w- c:\programdata\DAEMON Tools Lite 2013-03-31 17:58 . 2008-07-31 08:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll 2013-03-31 17:58 . 
2008-07-31 08:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll 2013-03-31 17:58 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2013-03-31 17:58 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2013-03-31 17:58 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2013-03-31 15:44 . 2013-04-08 22:36 -------- d-----w- c:\programdata\PMB Files 2013-03-31 15:44 . 2013-03-31 15:44 -------- d-----w- c:\program files (x86)\Pando Networks 2013-03-31 14:49 . 2013-03-31 14:49 -------- d-----w- c:\program files\Logitech Gaming Software 2013-03-31 14:47 . 2013-03-31 14:47 -------- d-----w- c:\program files\Realtek 2013-03-31 14:12 . 2012-12-04 13:21 791608 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys 2013-03-31 14:12 . 2012-12-04 13:21 20024 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys 2013-03-31 14:12 . 2012-12-04 13:21 358456 ----a-w- c:\windows\system32\drivers\iusb3hub.sys 2013-03-31 14:11 . 2013-03-31 14:11 -------- d-----w- c:\program files (x86)\Realtek 2013-03-31 14:11 . 2013-03-31 14:47 -------- d--h--w- c:\program files (x86)\Temp 2013-03-31 14:11 . 2012-05-25 16:06 1706640 ----a-w- c:\windows\RtlExUpd.dll 2013-03-31 12:29 . 2013-03-31 13:36 -------- d-----w- c:\program files\Microsoft Silverlight 2013-03-31 12:29 . 2013-03-31 13:36 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2013-03-31 11:54 . 2013-03-31 11:54 -------- d-----w- c:\program files (x86)\Canon 2013-03-31 01:38 . 2013-03-31 01:38 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-31 01:38 . 2013-03-31 01:38 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-31 01:37 . 2013-03-31 01:37 -------- d-----w- c:\windows\system32\appmgmt 2013-03-31 01:24 . 2013-03-31 01:24 -------- d-----w- c:\program files (x86)\MSXML 4.0 2013-03-31 00:54 . 2011-05-10 12:37 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll 2013-03-31 00:54 . 
2011-05-10 12:37 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll 2013-03-31 00:54 . 2011-05-10 12:37 224768 ----a-w- c:\windows\SysWow64\msvcm90.dll 2013-03-31 00:54 . 2006-05-04 07:33 53248 ----a-w- c:\windows\SysWow64\CommonDL.dll 2013-03-31 00:54 . 2005-11-24 01:34 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll 2013-03-31 00:54 . 2005-10-04 00:39 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll 2013-03-31 00:38 . 2013-03-31 00:38 -------- d-----w- c:\programdata\LogiShrd 2013-03-31 00:38 . 2013-03-31 14:49 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2013-03-31 00:32 . 2013-03-31 02:56 963488 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-31 00:32 . 2013-03-31 02:56 310688 ----a-w- c:\windows\system32\javaws.exe 2013-03-31 00:32 . 2013-03-31 02:56 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-31 00:32 . 2013-03-31 02:56 188832 ----a-w- c:\windows\system32\javaw.exe 2013-03-31 00:32 . 2013-03-31 02:56 188320 ----a-w- c:\windows\system32\java.exe 2013-03-31 00:32 . 2013-03-31 02:56 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-03-31 00:21 . 2013-03-31 00:21 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-03-31 00:21 . 2013-03-31 00:21 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-31 00:21 . 2013-03-31 00:21 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-31 00:21 . 2013-03-31 00:21 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-30 23:58 . 2013-03-30 23:58 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2013-03-30 23:55 . 2013-03-30 23:55 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-03-30 23:52 . 2013-03-30 23:52 -------- d-----w- c:\windows\SysWow64\Adobe 2013-03-30 23:48 . 2012-06-17 20:18 1202688 ----a-w- c:\windows\system32\ac3filter64.acm 2013-03-30 23:48 . 2012-06-17 20:10 965120 ----a-w- c:\windows\SysWow64\ac3filter.acm 2013-03-30 22:30 . 
2013-03-30 22:30 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2013-03-30 22:30 . 2013-03-30 22:30 -------- d--h--w- c:\programdata\CanonBJ 2013-03-30 22:30 . 2012-03-14 04:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAD.DLL 2013-03-30 22:30 . 2012-03-14 04:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAD.DLL 2013-03-30 22:30 . 2012-03-14 04:00 385024 ----a-w- c:\windows\system32\CNMLMAD.DLL 2013-03-30 22:30 . 2010-03-18 18:25 307200 ----a-w- c:\windows\SysWow64\CNC5100L.dll 2013-03-30 22:30 . 2010-03-18 16:11 106496 ----a-w- c:\windows\SysWow64\CNC5100U.dll 2013-03-30 22:30 . 2008-08-25 17:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll 2013-03-30 22:30 . 2010-03-18 18:26 348672 ----a-w- c:\windows\system32\CNC5100L.dll 2013-03-30 22:30 . 2010-03-18 16:13 1354240 ----a-w- c:\windows\system32\CNC5100C.dll 2013-03-30 22:30 . 2010-03-18 16:13 112128 ----a-w- c:\windows\system32\CNC5100I.dll 2013-03-30 22:30 . 2008-08-25 17:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll 2013-03-30 22:26 . 2013-03-30 22:26 -------- d-----w- c:\windows\SysWow64\Macromed 2013-03-30 22:26 . 2013-03-30 22:26 -------- d-----w- c:\windows\system32\Macromed 2013-03-30 22:17 . 2013-03-31 00:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-03-30 20:45 . 2012-12-21 16:20 2468520 ----a-w- c:\windows\SysWow64\BootMan.exe 2013-03-30 20:45 . 2012-12-21 12:54 14920 ----a-w- c:\windows\SysWow64\epmntdrv.sys 2013-03-30 20:45 . 2012-12-21 12:53 9800 ----a-w- c:\windows\system32\EuGdiDrv.sys 2013-03-30 20:45 . 2012-12-21 12:53 9160 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys 2013-03-30 20:45 . 2012-12-21 12:53 87112 ----a-w- c:\windows\SysWow64\setupempdrv03.exe 2013-03-30 20:45 . 2012-12-21 12:53 17480 ----a-w- c:\windows\system32\epmntdrv.sys 2013-03-30 20:45 . 2012-12-21 12:53 100936 ----a-w- c:\windows\system32\setupempdrvx64.exe 2013-03-30 20:45 . 
2012-12-20 13:46 3376640 ----a-w- c:\windows\system32\BootMan.exe 2013-03-30 20:45 . 2012-05-15 10:13 3316736 ----a-w- c:\windows\system32\¸´¼þ BootMan.exe 2013-03-30 20:45 . 2011-07-29 12:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll 2013-03-30 20:45 . 2011-07-29 12:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll 2013-03-30 20:45 . 2013-03-30 20:45 -------- d-----w- c:\program files (x86)\EaseUS Partition Master 9.2.1 Home Edition 2013-03-30 20:18 . 2013-03-30 20:18 0 ----a-w- c:\windows\ativpsrm.bin 2013-03-30 19:52 . 2013-04-01 02:16 -------- d-----w- c:\program files (x86)\Microsoft.NET 2013-03-30 19:42 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll 2013-03-30 19:41 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2013-03-30 19:23 . 2013-03-30 19:23 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2013-03-30 19:23 . 2013-03-30 19:23 -------- d-----w- c:\windows\system32\wbem\en-US 2013-03-30 19:20 . 2013-03-04 13:53 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-30 19:04 . 2013-03-30 19:04 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-30 19:01 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2013-03-30 18:58 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-03-30 18:58 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-03-30 18:58 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-03-30 18:58 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-03-30 18:58 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll 2013-03-30 18:58 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2013-03-30 18:58 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-03-30 18:58 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-11 23:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-02-12 05:45 . 2013-03-30 19:41 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-30 19:41 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-30 19:41 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-30 19:41 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-30 19:41 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-30 19:41 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-23 20:57 . 2013-02-20 15:48 64624 ----a-w- c:\windows\system32\drivers\HECIx64.sys 2013-01-17 20:15 . 2013-01-17 20:15 66800 ----a-w- c:\windows\system32\drivers\LGSHidFilt.Sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-02-26 5671984] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-04 291648] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-30 345312] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] . c:\users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Manu\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-5 25863280] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - d:\lolreplay\LOLRecorder.exe [2013-2-14 523264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272] R3 atillk64;atillk64;c:\program files (x86)\GIGABYTE\atBIOS\AtiTool\atillk64.sys [2006-07-19 14608] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-21 17480] R3 etdrv;etdrv;c:\windows\etdrv.sys [2013-04-07 25640] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-21 9800] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-04-07 30528] R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-12-04 20024] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-30 28600] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-31 283200] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-30 86752] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid 
Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-05-10 165144] S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-12-11 27768] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-02-03 59520] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-02-03 84736] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-12-04 358456] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-12-04 791608] S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2013-03-04 127568] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408] S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2013-01-17 66800] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008] S3 RTCore64;RTCore64;d:\msi afterburner\RTCore64.sys [2013-01-23 13368] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2013-02-22 2210376] . . Inhalt des "geplante Tasks" Ordners . 2013-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-31 01:38] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\Manu\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-02-26 5671984] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-02-28 7468784] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xcel exportieren - d:\micros~1\Office14\EXCEL.EXE/3000 TCP: Interfaces\{B8AE74B7-2DF4-47A9-824E-79235F413517}: NameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2737083 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2742613 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2789648 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe AddRemove-{B25F10DE-DC95-CF99-D737-E399FFD0E213} - c:\progra~3\INSTAL~1\{5E8A8~1\Setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-04-09 14:38:05 ComboFix-quarantined-files.txt 2013-04-09 12:38 . Vor Suchlauf: 7 Verzeichnis(se), 25.103.355.904 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 24.552.939.520 Bytes frei . - - End Of File - - 0290552699F5592DC1CCA312DF05CB5F |
09.04.2013, 13:52 | #8 |
| BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\'' And here is OTL as well: Code:
ATTFilter OTL logfile created on: 09.04.2013 14:40:06 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manu\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 5,96 Gb Available Physical Memory | 74,82% Memory free 15,92 Gb Paging File | 13,66 Gb Available in Paging File | 85,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,58 Gb Total Space | 22,95 Gb Free Space | 39,18% Space Free | Partition Type: NTFS Drive D: | 200,01 Gb Total Space | 175,03 Gb Free Space | 87,51% Space Free | Partition Type: NTFS Drive E: | 672,83 Gb Total Space | 386,67 Gb Free Space | 57,47% Space Free | Partition Type: NTFS Drive I: | 1863,01 Gb Total Space | 1862,87 Gb Free Space | 99,99% Space Free | Partition Type: NTFS Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.08 20:51:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe PRC - [2013.04.03 12:54:59 | 000,920,472 | ---- | M] (Mozilla Corporation) -- D:\Mozilla Firefox\firefox.exe PRC - [2013.03.30 19:55:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.30 19:54:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.30 19:54:31 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.14 08:05:44 | 000,523,264 | ---- | M] (LOL Replay) -- D:\LOLReplay\LOLRecorder.exe PRC - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTSS.exe PRC - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- D:\MSI Afterburner\MSIAfterburner.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.04 15:22:01 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.05.10 16:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.02.01 17:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.04.03 12:54:59 | 003,143,576 | ---- | M] () -- D:\Mozilla Firefox\mozjs.dll MOD - [2013.03.31 03:14:00 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.03.31 00:01:45 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013.03.30 23:47:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013.03.30 23:46:26 | 002,297,856 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll MOD - [2013.03.30 23:44:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1c402ca365b68a2616ea3a5194d38310\IAStorCommon.ni.dll MOD - [2013.03.30 23:43:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.03.30 23:43:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.03.30 23:43:53 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll MOD - [2013.03.30 23:43:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.03.30 23:43:45 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.03.30 23:43:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.03.30 23:43:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.03.30 23:43:14 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.03.30 23:43:05 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.02.14 08:05:36 | 000,311,808 | ---- | M] () -- D:\LOLReplay\LOLUtils.dll MOD - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- 
D:\MSI Afterburner\Bundle\OSDServer\RTSS.exe MOD - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- D:\MSI Afterburner\MSIAfterburner.exe MOD - [2013.01.16 18:01:08 | 000,069,632 | ---- | M] () -- D:\MSI Afterburner\RTMUI.dll MOD - [2013.01.16 18:01:06 | 000,348,160 | ---- | M] () -- D:\MSI Afterburner\RTHAL.dll MOD - [2013.01.16 18:01:00 | 000,229,376 | ---- | M] () -- D:\MSI Afterburner\RTCore.dll MOD - [2013.01.16 18:00:58 | 000,143,360 | ---- | M] () -- D:\MSI Afterburner\RTUI.dll MOD - [2013.01.16 18:00:56 | 000,061,440 | ---- | M] () -- D:\MSI Afterburner\RTFC.dll MOD - [2012.11.30 12:48:46 | 000,061,440 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTMUI.dll MOD - [2012.11.30 12:45:56 | 000,122,880 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2012.11.30 12:26:54 | 000,147,456 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTUI.dll MOD - [2012.11.30 12:24:00 | 000,061,440 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTFC.dll MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- D:\MSI Afterburner\RTTSH.dll MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTTSH.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.11 08:59:08 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.31 03:38:37 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.30 19:55:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.30 19:54:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.23 22:57:38 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.05.10 16:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.04.20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.08.30 16:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.01 00:30:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.03.30 19:55:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.30 19:55:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.30 19:55:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.03.04 08:42:06 | 000,127,568 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2013.02.22 08:44:18 | 002,210,376 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2013.01.23 22:57:32 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013.01.17 22:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2012.12.21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2012.12.21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.12.04 15:21:10 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.12.04 15:21:10 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.12.04 15:21:09 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.06.05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.03 20:23:56 | 000,084,736 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2012.02.03 20:23:56 | 000,059,520 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2012.02.01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.02 11:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.04.07 20:57:03 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2013.04.07 20:52:54 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv) DRV - [2013.04.07 20:52:46 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2013.01.23 08:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Running] -- D:\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2012.12.21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2012.12.21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006.07.19 13:04:00 | 000,014,608 | R--- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\atBIOS\AtiTool\atillk64.sys -- (atillk64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 7A 8B 35 6E 2D CE 01 [binary data] IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: D:\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: B:\java\jre7\bin\plugin2\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: B:\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: B:\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: B:\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: B:\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: D:\Mozilla Firefox\components [2013.04.03 12:54:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: D:\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: D:\Mozilla Thunderbird\components [2013.03.31 01:24:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: D:\Mozilla Thunderbird\plugins [2013.03.31 00:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Extensions [2013.03.31 17:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\qu7f4cso.default\extensions [2013.03.31 17:35:05 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\qu7f4cso.default\extensions\foxyproxy@eric.h.jung [2013.03.31 01:01:03 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qu7f4cso.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - Startup: C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Manu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1748201117-2840841522-2475966601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8AE74B7-2DF4-47A9-824E-79235F413517}: NameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.09 14:38:06 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.04.09 14:33:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.09 14:33:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.09 14:33:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.09 14:32:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.09 14:32:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.09 14:30:36 | 005,049,517 | R--- | C] (Swearware) -- C:\Users\Manu\Desktop\ComboFix.exe [2013.04.09 13:54:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013.04.09 13:20:14 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Manu\Desktop\tdsskiller.exe [2013.04.08 20:51:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe [2013.04.08 00:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework [2013.04.07 23:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.04.07 23:48:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\TeamViewer [2013.04.07 22:28:55 | 000,000,000 | ---D | C] -- 
C:\Windows\SysWow64\directx [2013.04.07 22:28:51 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner [2013.04.05 19:30:32 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.04.05 18:49:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\Documents\LOLReplay [2013.04.03 03:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2013.04.03 01:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.04.01 15:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2013.04.01 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions [2013.04.01 15:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FEAR [2013.04.01 15:00:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013.04.01 14:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.04.01 14:28:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Wars Republic Commando [2013.04.01 14:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars Republic Commando [2013.04.01 13:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013.04.01 04:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.04.01 04:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2013.04.01 04:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.04.01 04:16:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.04.01 04:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2013.04.01 04:14:53 | 000,000,000 | ---D | C] -- C:\Program 
Files\Microsoft Office [2013.04.01 04:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.04.01 04:13:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Microsoft Help [2013.04.01 04:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.04.01 01:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.04.01 01:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.04.01 01:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.04.01 01:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.04.01 01:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2013.04.01 01:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.04.01 01:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.04.01 01:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.04.01 01:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2013.04.01 01:10:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Apple Computer [2013.04.01 01:10:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Apple Computer [2013.04.01 01:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.04.01 01:10:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.04.01 01:09:49 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Apple [2013.04.01 01:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.04.01 01:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.04.01 01:09:39 | 000,000,000 | ---D | 
C] -- C:\Program Files\Bonjour [2013.04.01 01:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.04.01 01:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.04.01 01:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.04.01 00:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.04.01 00:30:59 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.04.01 00:30:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\DAEMON Tools Lite [2013.04.01 00:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.04.01 00:29:05 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Canneverbe Limited [2013.04.01 00:13:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ [2013.04.01 00:13:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ICQM [2013.04.01 00:13:25 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ICQ-Profile [2013.04.01 00:12:48 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.04.01 00:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.04.01 00:12:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Notepad++ [2013.03.31 21:32:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\LolClient [2013.03.31 20:00:42 | 000,000,000 | R--D | C] -- C:\Users\Manu\Desktop\Games [2013.03.31 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\PMB Files [2013.03.31 17:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013.03.31 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013.03.31 16:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.03.31 16:49:34 | 000,000,000 | ---D | C] -- 
C:\Program Files\Logitech Gaming Software [2013.03.31 16:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA [2013.03.31 16:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\VIA [2013.03.31 16:48:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs [2013.03.31 16:48:37 | 009,208,088 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVIA64.dll [2013.03.31 16:48:37 | 000,908,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.03.31 16:48:37 | 000,394,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2013.03.31 16:48:37 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll [2013.03.31 16:48:36 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64H.dll [2013.03.31 16:48:36 | 002,099,480 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll [2013.03.31 16:48:36 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64H.dll [2013.03.31 16:48:36 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll [2013.03.31 16:48:36 | 000,248,952 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll [2013.03.31 16:48:36 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64H.dll [2013.03.31 16:48:36 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll [2013.03.31 16:48:36 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64H.dll [2013.03.31 16:48:36 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll [2013.03.31 16:48:36 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64H.dll [2013.03.31 16:48:36 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll [2013.03.31 16:48:36 | 000,070,776 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- 
C:\Windows\SysNative\VtSrdAPO.dll [2013.03.31 16:48:36 | 000,055,416 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\PropPageExt.dll [2013.03.31 16:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.03.31 16:46:54 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll [2013.03.31 16:46:54 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll [2013.03.31 16:46:54 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll [2013.03.31 16:46:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll [2013.03.31 16:46:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll [2013.03.31 16:46:54 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll [2013.03.31 16:46:54 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll [2013.03.31 16:46:54 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll [2013.03.31 16:46:54 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll [2013.03.31 16:46:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEG64H.dll [2013.03.31 16:46:54 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll [2013.03.31 16:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.03.31 16:11:13 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.03.31 14:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.31 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.31 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.31 14:23:40 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\WindowsUpdate [2013.03.31 14:08:13 | 000,000,000 | R--D | C] -- C:\Users\Manu\Dropbox [2013.03.31 14:05:43 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.03.31 14:05:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Dropbox [2013.03.31 13:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.03.31 13:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2013.03.31 04:14:27 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.03.31 04:09:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\vlc [2013.03.31 04:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.31 04:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\WinRAR [2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.31 03:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter 
[2013.03.31 03:37:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.03.31 03:24:17 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\LG Electronics [2013.03.31 03:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.03.31 02:38:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Logitech [2013.03.31 02:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.03.31 02:38:44 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Leadertech [2013.03.31 02:37:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Logitech [2013.03.31 02:37:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Logishrd [2013.03.31 02:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.03.31 02:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.31 01:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2013.03.31 01:57:52 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Adobe [2013.03.31 01:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.03.31 01:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.03.31 01:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.03.31 01:52:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.03.31 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Thunderbird [2013.03.31 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Thunderbird [2013.03.31 00:30:42 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2013.03.31 00:30:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.03.31 00:28:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Macromedia [2013.03.31 00:28:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Macromedia [2013.03.31 00:26:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.03.31 00:26:17 | 000,000,000 | 
---D | C] -- C:\Windows\SysNative\Macromed [2013.03.31 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Mozilla [2013.03.31 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Mozilla [2013.03.31 00:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.03.31 00:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.03.31 00:07:13 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\VS Revo Group [2013.03.30 22:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.2.1 Home Edition [2013.03.30 22:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS Partition Master 9.2.1 Home Edition [2013.03.30 22:24:17 | 000,000,000 | ---D | C] -- C:\Users\Manu\Documents\temp [2013.03.30 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ATI [2013.03.30 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\ATI [2013.03.30 21:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.03.30 21:51:19 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIGABYTE [2013.03.30 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Adobe [2013.03.30 20:00:49 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Avira [2013.03.30 19:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.30 19:57:56 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.30 19:57:56 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.30 19:57:56 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.30 19:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.30 19:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.03.30 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Diagnostics [2013.03.30 19:29:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Programs [2013.03.30 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Google [2013.03.30 18:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation [2013.03.30 18:16:05 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Intel Corporation [2013.03.30 18:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE [2013.03.30 18:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE [2013.03.30 18:02:06 | 000,084,736 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronXHCI.sys [2013.03.30 18:02:06 | 000,059,520 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronHub3.sys [2013.03.30 18:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology [2013.03.30 18:00:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2013.03.30 18:00:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e [2013.03.30 17:59:34 | 000,083,968 | ---- | C] (QSound Labs, Inc.) 
-- C:\Windows\SysNative\nQAPO.dll [2013.03.30 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA [2013.03.30 17:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.03.30 17:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2013.03.30 17:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013.03.30 17:58:44 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.03.30 17:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2013.03.30 17:58:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.03.30 17:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.03.30 17:58:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\InstallShield [2013.03.30 17:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2013.03.30 17:56:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.03.30 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Google [2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\Searches [2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.03.30 17:48:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Identities [2013.03.30 17:48:24 | 000,000,000 | R--D | C] -- C:\Users\Manu\Contacts [2013.03.30 17:48:23 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\VirtualStore [2013.03.30 17:48:18 | 000,000,000 | --SD | C] -- C:\Users\Manu\AppData\Roaming\Microsoft [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Videos [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Saved Games [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- 
C:\Users\Manu\Pictures [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Music [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Links [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Favorites [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Downloads [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Documents [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Desktop [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Vorlagen [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Verlauf [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Temporary Internet Files [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Startmenü [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\SendTo [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Recent [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Netzwerkumgebung [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Lokale Einstellungen [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Videos [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Musik [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Eigene Dateien [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Bilder [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Druckumgebung [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Cookies [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Anwendungsdaten [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- 
C:\Users\Manu\Anwendungsdaten [2013.03.30 17:48:18 | 000,000,000 | -H-D | C] -- C:\Users\Manu\AppData [2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Temp [2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Microsoft [2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Media Center Programs [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Programme [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.03.30 17:48:15 | 000,000,000 | ---D | C] -- C:\Recovery [2013.03.30 17:48:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.03.30 17:40:13 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.03.30 17:39:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.03.30 17:39:21 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.03.27 17:38:06 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll [2013.03.13 05:35:44 | 000,127,568 | ---- | C] (Qualcomm Atheros Co., Ltd.) 
-- C:\Windows\SysNative\drivers\L1C62x64.sys [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.09 14:33:25 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 14:33:25 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 14:31:08 | 005,049,517 | R--- | M] (Swearware) -- C:\Users\Manu\Desktop\ComboFix.exe [2013.04.09 14:30:19 | 001,618,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.09 14:30:19 | 000,698,912 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.09 14:30:19 | 000,653,750 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.09 14:30:19 | 000,149,052 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.09 14:30:19 | 000,121,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.09 14:26:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.09 14:25:49 | 2114,703,359 | -HS- | M] () -- C:\hiberfil.sys [2013.04.09 14:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.09 13:20:19 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Manu\Desktop\tdsskiller.exe [2013.04.09 13:09:13 | 000,341,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.08 20:59:22 | 000,377,856 | ---- | M] () -- C:\Users\Manu\Desktop\gmer_2.1.19163.exe [2013.04.08 20:51:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe [2013.04.08 20:12:15 | 000,050,477 | ---- | M] () -- C:\Users\Manu\Desktop\Defogger.exe [2013.04.08 01:31:05 | 000,000,614 | ---- | M] () -- C:\Users\Manu\Desktop\VLC media player.lnk [2013.04.07 23:49:21 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.04.07 22:28:51 | 000,000,606 | ---- | M] () -- 
C:\Users\Manu\Desktop\MSI Afterburner.lnk [2013.04.07 20:52:46 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys [2013.04.07 20:52:28 | 000,002,725 | ---- | M] () -- C:\Users\Manu\Desktop\EasyTune 6.lnk [2013.04.07 20:29:53 | 000,001,055 | ---- | M] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.05 18:49:37 | 000,000,685 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2013.04.01 01:37:44 | 000,002,128 | ---- | M] () -- C:\Users\Manu\Desktop\Catalyst Control Center.lnk [2013.04.01 01:10:21 | 000,001,449 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.01 00:32:56 | 000,000,355 | ---- | M] () -- C:\Users\Manu\Desktop\Computer.lnk [2013.04.01 00:31:28 | 000,000,654 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.04.01 00:30:59 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.04.01 00:29:02 | 000,000,667 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2013.04.01 00:13:48 | 000,001,806 | ---- | M] () -- C:\Users\Manu\Desktop\ICQ.lnk [2013.03.31 14:04:44 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.31 13:54:20 | 000,002,130 | ---- | M] () -- C:\Users\Manu\Desktop\MP Navigator EX 4.0.lnk [2013.03.31 05:04:40 | 000,001,133 | -H-- | M] () -- C:\Windows\EPMBatch.ept [2013.03.31 04:48:52 | 000,000,675 | ---- | M] () -- C:\Users\Manu\Desktop\eclipse.lnk [2013.03.31 04:04:39 | 000,000,882 | ---- | M] () -- C:\Users\Manu\Desktop\CCleaner.lnk [2013.03.31 02:54:36 | 000,002,411 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2013.03.31 01:15:21 | 000,005,766 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.03.30 22:18:59 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2013.03.30 21:21:29 | 000,001,290 | ---- | M] () -- C:\Users\Manu\Desktop\dfrgui.lnk [2013.03.30 21:20:02 | 000,000,000 | -H-- | M] () -- 
C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.03.30 21:07:19 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.30 21:07:19 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.30 19:57:58 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.30 19:55:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.30 19:55:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.30 19:55:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.30 18:00:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.03.30 17:58:09 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini [2013.03.30 17:42:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.03.30 17:42:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.09 14:33:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.09 14:33:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.09 14:33:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.09 14:33:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.09 14:33:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.09 13:09:03 | 000,341,480 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.08 20:59:21 | 000,377,856 | ---- | C] () -- C:\Users\Manu\Desktop\gmer_2.1.19163.exe [2013.04.08 20:12:13 | 000,050,477 | ---- | C] () -- C:\Users\Manu\Desktop\Defogger.exe [2013.04.08 14:45:30 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1(x64).lnk [2013.04.08 01:31:05 | 000,000,614 | ---- | C] () -- 
C:\Users\Manu\Desktop\VLC media player.lnk [2013.04.07 23:49:21 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.04.07 22:28:51 | 000,000,606 | ---- | C] () -- C:\Users\Manu\Desktop\MSI Afterburner.lnk [2013.04.07 20:52:28 | 000,002,725 | ---- | C] () -- C:\Users\Manu\Desktop\EasyTune 6.lnk [2013.04.05 18:49:37 | 000,000,685 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2013.04.01 01:37:44 | 000,002,128 | ---- | C] () -- C:\Users\Manu\Desktop\Catalyst Control Center.lnk [2013.04.01 01:10:21 | 000,001,449 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.01 01:09:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.04.01 00:32:56 | 000,000,355 | ---- | C] () -- C:\Users\Manu\Desktop\Computer.lnk [2013.04.01 00:31:28 | 000,000,654 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.04.01 00:29:02 | 000,000,667 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2013.04.01 00:29:02 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2013.04.01 00:13:48 | 000,001,806 | ---- | C] () -- C:\Users\Manu\Desktop\ICQ.lnk [2013.03.31 14:05:50 | 000,001,055 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.03.31 13:54:20 | 000,002,130 | ---- | C] () -- C:\Users\Manu\Desktop\MP Navigator EX 4.0.lnk [2013.03.31 04:48:52 | 000,000,675 | ---- | C] () -- C:\Users\Manu\Desktop\eclipse.lnk [2013.03.31 04:04:39 | 000,000,882 | ---- | C] () -- C:\Users\Manu\Desktop\CCleaner.lnk [2013.03.31 03:38:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.31 03:19:55 | 000,000,988 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.03.31 02:54:22 | 000,053,248 | ---- | C] () -- 
C:\Windows\SysWow64\CommonDL.dll [2013.03.31 02:54:22 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2013.03.31 02:13:42 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.31 01:55:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.03.31 01:48:42 | 001,202,688 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm [2013.03.31 01:48:42 | 000,965,120 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm [2013.03.31 01:24:03 | 000,000,776 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.03.31 01:12:27 | 000,005,766 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013.03.31 00:30:25 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1748D.TBL [2013.03.31 00:30:25 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1748D.TBL [2013.03.31 00:17:16 | 000,000,681 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.30 22:56:21 | 000,001,133 | -H-- | C] () -- C:\Windows\EPMBatch.ept [2013.03.30 22:45:52 | 003,376,640 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe [2013.03.30 22:45:52 | 003,316,736 | ---- | C] () -- C:\Windows\SysNative\¸´¼þ BootMan.exe [2013.03.30 22:45:52 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2013.03.30 22:45:52 | 000,100,936 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe [2013.03.30 22:45:52 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2013.03.30 22:45:52 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2013.03.30 22:45:52 | 000,017,480 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys [2013.03.30 22:45:52 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll [2013.03.30 22:45:52 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2013.03.30 22:45:52 | 000,009,800 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys 
[2013.03.30 22:45:52 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2013.03.30 22:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.03.30 21:43:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.03.30 21:43:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.03.30 21:21:29 | 000,001,290 | ---- | C] () -- C:\Users\Manu\Desktop\dfrgui.lnk [2013.03.30 21:20:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.03.30 21:07:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.30 21:07:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.30 19:57:58 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.30 18:14:02 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2013.03.30 18:02:20 | 000,031,272 | ---- | C] () -- C:\Windows\SysNative\AppleChargerSrv.exe [2013.03.30 18:02:20 | 000,021,616 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys [2013.03.30 18:00:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.03.30 17:59:11 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll [2013.03.30 17:54:46 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2013.03.30 17:49:08 | 000,001,413 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.03.30 17:42:10 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.03.30 17:41:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.03.30 17:39:43 | 2114,703,359 | -HS- | C] () -- C:\hiberfil.sys [2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2012.07.28 
03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.01 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Canneverbe Limited [2013.04.01 17:02:52 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\DAEMON Tools Lite [2013.04.09 14:26:58 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Dropbox [2013.04.01 16:13:19 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\ICQ-Profile [2013.04.01 00:15:00 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\ICQM [2013.03.31 02:38:44 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Leadertech [2013.03.31 21:32:26 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\LolClient [2013.04.01 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Notepad++ [2013.04.07 23:48:26 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\TeamViewer [2013.03.31 01:24:09 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > |
09.04.2013, 14:01 | #9 |
/// TB Instructor | BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\'' Great. How is the computer running now? Step 1
Code:
ATTFilter :commands [emptytemp]
Step 2 Please download Malwarebytes Anti-Malware.
Step 3 Download the ESET Online Scanner setup and save it to the desktop.
Step 4 Please download SecurityCheck (Link 2).
Please post in your next reply:
__________________ cheers, Leo |
09.04.2013, 15:45 | #10 |
| BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\'' Hey, sorry, the ESET scan took ages. Well, the computer is running very well and has been the whole time; I only discovered the virus through a final full scan. SecurityCheck: Code:
ATTFilter Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 Java version out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader XI ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.09.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16521 Manu :: MANU-PC [Administrator] 09.04.2013 15:12:23 mbam-log-2013-04-09 (15-12-23).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 216116 Laufzeit: 1 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) and OTL: Code:
ATTFilter All processes killed ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 57616 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Manu ->Temp folder emptied: 691 bytes ->Temporary Internet Files folder emptied: 258 bytes ->FireFox cache emptied: 9126861 bytes ->Flash cache emptied: 67021 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 33817600 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 41,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04092013_150540 Files\Folders moved on Reboot... C:\Users\Manu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
09.04.2013, 15:47 | #11 |
/// TB Trainer | BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\'' Hi, yes, the ESET scan takes a long time, that is normal. But everything looks very good on your system. We will now clean up. Also use this plugin check to verify that all the versions you use are up to date, and update them if they are not.
Cleanup
Finally, we will now remove our tools (including the quarantine folders), delete the infected system restore points and restore all settings. These steps are also still important and should be carried out in the order given.
>> OK << We are done; your logs look clean to me at the moment. Below I have put together a few notes and tips that should help ensure you will not need our help again in the future. Please give me a brief reply afterwards if there are no more problems or open questions on your side either, so that I can consider this topic resolved.
Epilogue: Tips, Dos & Don'ts
Keeping system and software up to date
The Windows operating system must always be fully up to date. Make sure that automatic updates are enabled:
The installed software should also always be at the latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known security vulnerabilities in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore relatively unpredictable.
Security software
One remark up front: every software solution has its weaknesses. Handing the entire responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and well-considered behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader). Instead of Internet Explorer you can use Mozilla Firefox, for example, for which there are two useful add-ons to recommend:
(Un)safe behaviour on the Internet
Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that does not have to mean anything.
Often an attempt is also made to get the user, by more or less cunning methods, to carry out an action that is disastrous for them (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also mostly installed along with other software by the user.
General notes
Finally, a few basic remarks:
If you like, you can support the forum with a small donation. It only remains for me to wish you carefree and safe surfing, and that we do not see each other here again any time soon.
__________________ cheers, Leo |
09.04.2013, 16:11 | #12 |
| BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\'' Hey, so I did the plugin check and everything is up to date except "Java ist nicht Installiert oder nicht aktiviert." Should I still install that for Firefox? JDK + JRE is actually installed. I will now carry out the last cleanup steps (I'll keep MBAM and ESET). One more small question: the only cleaning/tuning program I use is CCleaner with CCEnhancer. Is that still OK, or better to leave it alone as well? And I also plan to format the external hard drive again really thoroughly. If nothing else goes wrong with the last steps, I'd like to thank you and the rest of your team already; everything really went smoothly and quickly! Best regards, Manuel! |
09.04.2013, 16:20 | #13 |
/// TB Trainer | BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\'' Thanks for the feedback, Manuel. The Java situation is fine as it is; you don't need to do anything else. With CCleaner, we simply advise against cleaning the registry. You shouldn't tinker with the registry without need. It doesn't achieve much anyway and can also go wrong. The remaining functions are OK. I'm glad we were able to help. If you would like to give the forum suggestions for improvement, criticism or praise, you can do that here. This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies. Should you need this topic again, please send me a PM and we will continue here. Everyone else, please read this guide and create your own thread.
__________________ cheers, Leo |