
Pests of All Kinds and How to Fight Them: Cybercrime Investigation Virus 735b...


22.11.2012, 00:00   #1
mr_sing771
 
Hi everyone,

unfortunately it got me too...

Attached are my log files:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.21.09

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
xxx :: xxxx-xx [Administrator]

21.11.2012 23:05:07
mbam-log-2012-11-21 (23-53-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 416894
Laufzeit: 47 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Rootkit.0Access) -> Daten: C:\Users\xxx\yuksfgiluegwufywpcjt.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\xxx\yuksfgiluegwufywpcjt.exe (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\xxx\ndqvqvtlfelh.exe (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)

And OTL as well:
OTL logfile:
Code:
OTL logfile created on: 21.11.2012 23:54:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7,75 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 77,76% Memory free
15,50 Gb Paging File | 14,01 Gb Available in Paging File | 90,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585,74 Gb Total Space | 439,66 Gb Free Space | 75,06% Space Free | Partition Type: NTFS
 
Computer Name: OLIVERPETER-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.21 23:02:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.11.16 17:27:26 | 000,033,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.29 17:44:00 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.03.02 18:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\AESTSr64.exe -- (AESTFilters)
SRV - [2012.11.04 17:34:35 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.18 20:17:31 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.11.04 17:18:12 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.11.04 17:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Stopped] -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2010.05.21 09:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Programme\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV - [2010.04.04 19:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Stopped] -- C:\Programme\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.02 03:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.29 17:44:00 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\STacSV64.exe -- (STacSV)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.15 16:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.03.02 18:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.20 18:13:04 | 000,013,312 | ---- | M] () [Auto | Stopped] -- C:\Programme\OSD\Service1.exe -- (CustomSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.03 06:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010.07.29 12:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010.07.29 12:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.07.29 12:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010.07.29 12:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010.04.21 14:59:16 | 000,073,216 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2010.03.04 17:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.02.09 21:26:03 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.02.09 21:26:03 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.11.16 17:27:26 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.11.16 17:10:15 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.10.17 03:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2009.07.24 13:13:40 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bulkrazer_x64.sys -- (bulkadi)
DRV:64bit: - [2009.07.14 20:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.03 03:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.03 03:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.03 03:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.03 03:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.29 17:44:00 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.06.26 02:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.26 01:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.26 01:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.09 21:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2008.09.25 04:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006.11.02 21:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.02.09 21:35:38 | 000,053,760 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SSHDRV76.sys -- (SSHDRV76)
DRV - [2009.08.28 17:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/10/08 23:16:47] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.07.25 20:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Programme\OSD\WinRing0x64.sys -- (WinRing0_1_2_0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.alienware.com
 
 
IE - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 0F DB 12 99 6F CA 01  [binary data]
IE - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2010.12.31 17:15:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.12.31 17:15:15 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.01.21 19:24:28 | 000,000,759 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Programme\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Programme\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Programme\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [OSD CC] C:\Programme\OSD\Launch_CC.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [FAStartup]  File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Programme\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [OSD] c:\Programme\OSD\Launch.exe (HH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-4014114825-1403553294-1922473905-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD82B629-F951-46DA-91F1-3707E913ED3D}: DhcpNameServer = 10.9.11.21 10.9.11.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F52CC429-CB3E-4C64-A79C-579D036E3F93}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F52CC429-CB3E-4C64-A79C-579D036E3F93}: NameServer = 208.67.220.220,208.67.222.222
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Programme\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.21 23:03:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.11.21 23:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.21 23:03:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.21 23:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.21 23:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.21 23:02:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.11.21 22:44:47 | 000,000,000 | R--D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.11.13 23:46:14 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.13 23:46:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.13 23:42:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.13 23:41:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.13 23:41:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.13 23:41:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.13 23:41:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.13 23:41:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.13 23:41:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.13 23:41:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.13 23:41:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.13 23:41:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.13 23:41:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.13 23:41:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.13 23:41:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.13 23:41:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.13 23:41:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.13 23:41:40 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.13 23:39:15 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.13 23:39:14 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.13 23:39:14 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.13 23:39:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.13 22:07:18 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.13 22:07:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.13 22:07:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.13 22:07:11 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.13 22:07:11 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.13 22:07:11 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.13 22:07:11 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.13 22:07:10 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.13 22:07:10 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.13 22:06:54 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.13 22:06:54 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.21 23:04:29 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.21 23:02:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.11.21 22:56:20 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 22:56:20 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 22:56:20 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 22:56:20 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 22:56:20 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.21 22:51:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.21 22:51:53 | 1944,854,527 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.21 22:17:34 | 000,020,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 22:17:34 | 000,020,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 22:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.14 01:07:06 | 000,422,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.21 23:03:34 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.13 23:46:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.13 23:39:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2011.05.13 18:34:00 | 008,897,632 | ---- | C] () -- C:\Users\xxx\M17R1A07.zip
[2011.05.13 18:33:56 | 171,880,600 | ---- | C] () -- C:\Users\xxx\nVidia_Geforce-GTX-280M_A03_R279499.exe
[2011.05.13 18:33:21 | 002,029,416 | ---- | C] () -- C:\Users\xxx\SAMSUNG_MULTI-DEVICE_A00_R276513.exe
[2011.05.13 18:33:00 | 004,303,180 | ---- | C] () -- C:\Users\xxx\AWimages.zip
[2011.05.13 18:32:44 | 053,938,856 | ---- | C] () -- C:\Users\xxx\R272621.exe
[2011.05.13 18:32:19 | 017,024,080 | ---- | C] () -- C:\Users\xxx\R240776.exe
[2011.05.13 18:32:18 | 004,066,784 | ---- | C] () -- C:\Users\xxx\R224163.exe
[2011.05.13 18:32:18 | 002,732,728 | ---- | C] () -- C:\Users\xxx\R240771.exe
[2011.03.27 20:44:37 | 000,003,990 | ---- | C] () -- C:\Users\xxx\IrwOrderReceipt.pdf
[2010.07.11 18:44:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.30 19:52:15 | 000,007,607 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2009.11.16 17:42:52 | 000,001,062 | ---- | C] () -- C:\Users\xxx\My Alienware PC Information.lnk
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.11.08 23:11:20 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ESET
[2009.12.30 18:44:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ESET
[2010.11.21 22:47:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Razer
[2011.12.17 21:09:19 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TS3Client
[2011.11.16 11:22:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Wise Registry Cleaner
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 21.11.2012 23:54:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7,75 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 77,76% Memory free
15,50 Gb Paging File | 14,01 Gb Available in Paging File | 90,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585,74 Gb Total Space | 439,66 Gb Free Space | 75,06% Space Free | Partition Type: NTFS
 
Computer Name: OLIVERPETER-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{233F67FC-0C2E-4BEA-B9AD-1EB135CF4CC5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{7E852C8A-56BC-431F-9B6E-CE25F551D6E7}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DDDFC63-038C-4D12-A08C-BFD590A77D3E}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{174F7F17-50B5-4C27-BC6F-6A15DB7D5047}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{33B5EA42-125A-4A16-BE28-0A1D42F7F4E7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{397CF5FF-7F43-465E-8C70-FE1118D9AD0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{3B783BCF-5ABF-45C6-9E67-1727E43D58DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{445B07D2-03D9-4D5C-B91C-126B6BD6CE4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{480AF96B-D75D-44A4-BA45-C5F505160CC3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5454649D-4F25-40E1-BC09-52287CDAE66E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{59C6F05A-A048-4295-9798-081D95B83D5C}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{653E5243-1BA0-47DC-AEDC-F82DF69F4DC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6B4A63C1-11D2-43A3-9F42-44AAD5801564}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{6F2C4FDD-64BF-49F7-92EA-DB1E82555927}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{88F067D3-252A-4B03-916D-C89BD48A0751}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{89693954-BA48-475B-91DC-50BC711995F2}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{8FE4806D-038D-405A-A139-35162189AB07}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{96729404-FD98-4AF1-9225-1F709A676E4D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{99FCC74C-1B7A-41A6-9D22-BB5E27D3FC72}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{9B1467E4-A89A-4073-AA5C-E99704BD8551}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{A2E21C7F-91E1-4C27-8058-7811CA900C76}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{A823B087-AC3E-4B44-BF7C-ACED7B92B813}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{D62A44C5-FEDC-447C-B482-63D707764E7C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E62DC87D-78A7-4238-8E67-30D4F25E2C57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E8B414F2-BEDF-4D3C-9863-4D5C40A67E2E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{EB7DD92D-82DA-4FFE-9B73-B59EC9A487FF}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{EEA7F21D-0E9F-455A-A46E-170D6C8A5728}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F83246E9-9941-45BC-80C7-21881EFB95A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"TCP Query User{9F064AB1-A7DA-4EF0-B413-72AB2055ADA8}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | 
"UDP Query User{276EB4EE-F813-4C30-BF71-0DDEAFF1217F}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9D34D4CB-AF07-47AC-8A26-0AC085A4D8B5}" = ESET Smart Security
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"1ECF77EA0B590A72334E5A399ACB5AB27C3D88EE" = Windows-Treiberpaket - ITE Tech.Inc. (itecir) HIDClass  (05/01/2009 5.1.0000.1)
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3a4afe25-8384-43fc-ab86-de6d92c7c6f6}" = Nero 9 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_SMALLBUSINESSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F64A0D3-B0D2-4EE1-9A9D-452BD4459D09}" = Razer Naga
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AlienRespawn20_AD" = AlienRespawn v2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"StarCraft II" = StarCraft II
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"SystemRequirementsLab" = System Requirements Lab
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4014114825-1403553294-1922473905-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.11.2012 17:14:40 | Computer Name = xxx-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 12.11.2012 17:36:02 | Computer Name = xxx-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.11.2012 17:17:46 | Computer Name = xxx-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.11.2012 19:19:05 | Computer Name = xxx-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 15.11.2012 16:46:21 | Computer Name = xxx-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 16.11.2012 19:26:40 | Computer Name = xxx-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 17.11.2012 13:42:29 | Computer Name = xxx-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 18.11.2012 14:35:54 | Computer Name = xxx-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 19.11.2012 18:49:43 | Computer Name = xxx-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 20.11.2012 19:11:01 | Computer Name = xxx-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 27.07.2012 07:16:27 | Computer Name = xxx-PC | Source = WLAN-Tray | ID = 0
Description = 13:16:27, Fri, Jul 27, 12 Error - Unable to gain access to user store

 
Error - 24.08.2012 12:32:54 | Computer Name = xxx-PC | Source = WLAN-Tray | ID = 0
Description = 18:32:54, Fri, Aug 24, 12 Error - Unable to gain access to user store

 
Error - 14.09.2012 01:12:07 | Computer Name = xxx-PC | Source = WLAN-Tray | ID = 0
Description = 07:12:07, Fri, Sep 14, 12 Error - Unable to gain access to user store

 
Error - 21.09.2012 22:19:23 | Computer Name = xxx-PC | Source = WLAN-Tray | ID = 0
Description = 04:19:23, Sat, Sep 22, 12 Error - Unable to gain access to user store

 
[ System Events ]
Error - 21.11.2012 17:52:46 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.11.2012 17:52:46 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.11.2012 17:52:46 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.11.2012 17:52:46 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.11.2012 17:52:46 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.11.2012 17:52:46 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.11.2012 17:52:47 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.11.2012 17:52:47 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.11.2012 17:52:47 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.11.2012 18:24:52 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---

Thank you very much!

Edited by mr_sing771 (22.11.2012 at 00:18). Reason: spelling

22.11.2012, 12:22   #2
Psychotic
/// Malwareteam
 
My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can sometimes involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you follow the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you have been asked to).
  6. If anything is unclear: ask before you do something "blind"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (That makes the evaluation harder for me.)


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.


Step 1: aswMBR


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions). Vista and Win7 users: right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction.

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.




Step 2: Scan with TDSS-Killer



Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

22.11.2012, 23:05   #3
mr_sing771
 



Hello Marius,

thank you very much for your help! One thing up front: after the Malwarebytes check yesterday, the laptop could be started normally again, etc.

Here are the logs:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-22 22:06:30
-----------------------------
22:06:30.247    OS Version: Windows x64 6.1.7601 Service Pack 1
22:06:30.247    Number of processors: 4 586 0x170A
22:06:30.247    ComputerName: ***-PC  UserName: ***
22:06:31.604    Initialize success
22:09:03.037    AVAST engine defs: 12112201
22:09:10.447    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007c
22:09:10.447    Disk 0 Vendor: NVIDIA__  Size: 610490MB BusType: 8
22:09:10.463    Disk 0 MBR read successfully
22:09:10.463    Disk 0 MBR scan
22:09:10.478    Disk 0 unknown MBR code
22:09:10.478    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       599795 MB offset 2048
22:09:10.510    Disk 0 Partition 2 00     12  Compaq diag NTFS        10691 MB offset 1228382208
22:09:10.556    Disk 0 scanning C:\Windows\system32\drivers
22:09:36.094    Service scanning
22:09:57.965    Modules scanning
22:09:57.965    Disk 0 trace - called modules:
22:09:57.996    ntoskrnl.exe CLASSPNP.SYS disk.sys nvrd64.sys ACPI.sys storport.sys hal.dll nvstor64.sys 
22:09:58.012    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008824060]
22:09:58.511    3 CLASSPNP.SYS[fffff880010fd43f] -> nt!IofCallDriver -> \Device\0000007c[0xfffffa80083e54d0]
22:09:58.511    5 nvrd64.sys[fffff88001138402] -> nt!IofCallDriver -> [0xfffffa8008373290]
22:09:58.511    7 ACPI.sys[fffff88000efc7a1] -> nt!IofCallDriver -> \Device\00000078[0xfffffa8008374060]
22:10:00.040    AVAST engine scan C:\Windows
22:10:02.598    AVAST engine scan C:\Windows\system32
22:15:05.862    AVAST engine scan C:\Windows\system32\drivers
22:15:21.805    AVAST engine scan C:\Users\***
22:27:26.160    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
22:27:26.160    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         
Unfortunately, ASW always hangs at the same point, both in normal mode and in safe mode.

TDSS:

Code:
22:56:05.0874 5224  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:56:06.0108 5224  ============================================================
22:56:06.0108 5224  Current date / time: 2012/11/22 22:56:06.0108
22:56:06.0108 5224  SystemInfo:
22:56:06.0108 5224  
22:56:06.0108 5224  OS Version: 6.1.7601 ServicePack: 1.0
22:56:06.0108 5224  Product type: Workstation
22:56:06.0108 5224  ComputerName: ***-PC
22:56:06.0108 5224  UserName: ***
22:56:06.0108 5224  Windows directory: C:\Windows
22:56:06.0108 5224  System windows directory: C:\Windows
22:56:06.0108 5224  Running under WOW64
22:56:06.0108 5224  Processor architecture: Intel x64
22:56:06.0108 5224  Number of processors: 4
22:56:06.0108 5224  Page size: 0x1000
22:56:06.0108 5224  Boot type: Normal boot
22:56:06.0108 5224  ============================================================
22:56:07.0605 5224  Drive \Device\Harddisk0\DR0 - Size: 0x950BAA0000 (596.18 Gb), SectorSize: 0x200, Cylinders: 0x13002, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:56:07.0605 5224  ============================================================
22:56:07.0605 5224  \Device\Harddisk0\DR0:
22:56:07.0605 5224  MBR partitions:
22:56:07.0605 5224  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x49379800
22:56:07.0605 5224  ============================================================
22:56:07.0637 5224  C: <-> \Device\Harddisk0\DR0\Partition1
22:56:07.0637 5224  ============================================================
22:56:07.0637 5224  Initialize success
22:56:07.0637 5224  ============================================================
22:56:10.0694 5340  ============================================================
22:56:10.0694 5340  Scan started
22:56:10.0694 5340  Mode: Manual; 
22:56:10.0694 5340  ============================================================
22:56:11.0630 5340  ================ Scan system memory ========================
22:56:11.0630 5340  System memory - ok
22:56:11.0630 5340  ================ Scan services =============================
22:56:11.0771 5340  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:56:11.0771 5340  1394ohci - ok
22:56:11.0802 5340  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:56:11.0817 5340  ACPI - ok
22:56:11.0849 5340  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:56:11.0880 5340  AcpiPmi - ok
22:56:12.0020 5340  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:56:12.0036 5340  AdobeFlashPlayerUpdateSvc - ok
22:56:12.0067 5340  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:56:12.0129 5340  adp94xx - ok
22:56:12.0176 5340  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:56:12.0223 5340  adpahci - ok
22:56:12.0285 5340  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:56:12.0379 5340  adpu320 - ok
22:56:12.0395 5340  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:56:12.0395 5340  AeLookupSvc - ok
22:56:12.0473 5340  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\AESTSr64.exe
22:56:12.0473 5340  AESTFilters - ok
22:56:12.0519 5340  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:56:12.0519 5340  AFD - ok
22:56:12.0551 5340  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
22:56:12.0629 5340  AgereSoftModem - ok
22:56:12.0644 5340  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:56:12.0675 5340  agp440 - ok
22:56:12.0691 5340  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:56:12.0707 5340  ALG - ok
22:56:12.0785 5340  [ A99E57669390F265D25288C8BA042D78 ] AlienFusionService C:\Program Files\Alienware\Command Center\AlienFusionService.exe
22:56:12.0785 5340  AlienFusionService - ok
22:56:12.0800 5340  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:56:12.0831 5340  aliide - ok
22:56:12.0863 5340  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:56:12.0878 5340  amdide - ok
22:56:12.0909 5340  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:56:12.0925 5340  AmdK8 - ok
22:56:12.0956 5340  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:56:13.0003 5340  AmdPPM - ok
22:56:13.0019 5340  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:56:13.0065 5340  amdsata - ok
22:56:13.0081 5340  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:56:13.0112 5340  amdsbs - ok
22:56:13.0143 5340  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:56:13.0175 5340  amdxata - ok
22:56:13.0206 5340  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:56:13.0237 5340  AppID - ok
22:56:13.0253 5340  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:56:13.0253 5340  AppIDSvc - ok
22:56:13.0299 5340  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
22:56:13.0299 5340  Appinfo - ok
22:56:13.0393 5340  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:56:13.0409 5340  Apple Mobile Device - ok
22:56:13.0424 5340  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
22:56:13.0471 5340  AppMgmt - ok
22:56:13.0487 5340  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:56:13.0518 5340  arc - ok
22:56:13.0533 5340  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:56:13.0549 5340  arcsas - ok
22:56:13.0580 5340  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:56:13.0596 5340  AsyncMac - ok
22:56:13.0643 5340  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:56:13.0658 5340  atapi - ok
22:56:13.0721 5340  [ 4AEF9EC86818375495FB78CA58DF4E18 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
22:56:13.0752 5340  atksgt - ok
22:56:13.0799 5340  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:56:13.0861 5340  AudioEndpointBuilder - ok
22:56:13.0877 5340  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:56:13.0877 5340  AudioSrv - ok
22:56:13.0892 5340  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:56:13.0923 5340  AxInstSV - ok
22:56:13.0939 5340  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
22:56:13.0970 5340  b06bdrv - ok
22:56:13.0986 5340  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:56:14.0017 5340  b57nd60a - ok
22:56:14.0048 5340  [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
22:56:14.0048 5340  BCM42RLY - ok
22:56:14.0142 5340  [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
22:56:14.0157 5340  BCM43XX - ok
22:56:14.0204 5340  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:56:14.0220 5340  BDESVC - ok
22:56:14.0235 5340  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:56:14.0251 5340  Beep - ok
22:56:14.0282 5340  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:56:14.0345 5340  BFE - ok
22:56:14.0391 5340  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
22:56:14.0454 5340  BITS - ok
22:56:14.0469 5340  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:56:14.0501 5340  blbdrive - ok
22:56:14.0547 5340  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:56:14.0563 5340  Bonjour Service - ok
22:56:14.0594 5340  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:56:14.0641 5340  bowser - ok
22:56:14.0657 5340  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:56:14.0672 5340  BrFiltLo - ok
22:56:14.0688 5340  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:56:14.0688 5340  BrFiltUp - ok
22:56:14.0735 5340  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:56:14.0750 5340  Browser - ok
22:56:14.0766 5340  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:56:14.0828 5340  Brserid - ok
22:56:14.0828 5340  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:56:14.0859 5340  BrSerWdm - ok
22:56:14.0875 5340  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:56:14.0891 5340  BrUsbMdm - ok
22:56:14.0906 5340  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:56:14.0922 5340  BrUsbSer - ok
22:56:14.0953 5340  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
22:56:14.0969 5340  BthEnum - ok
22:56:14.0984 5340  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:56:15.0015 5340  BTHMODEM - ok
22:56:15.0031 5340  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:56:15.0031 5340  BthPan - ok
22:56:15.0078 5340  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
22:56:15.0140 5340  BTHPORT - ok
22:56:15.0171 5340  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:56:15.0171 5340  bthserv - ok
22:56:15.0203 5340  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
22:56:15.0234 5340  BTHUSB - ok
22:56:15.0249 5340  [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
22:56:15.0265 5340  btwaudio - ok
22:56:15.0296 5340  [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
22:56:15.0327 5340  btwavdt - ok
22:56:15.0390 5340  [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:56:15.0390 5340  btwdins - ok
22:56:15.0421 5340  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
22:56:15.0452 5340  btwl2cap - ok
22:56:15.0468 5340  [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
22:56:15.0483 5340  btwrchid - ok
22:56:15.0515 5340  [ CE294CF4893A31A7AE59FCAF906936A6 ] bulkadi         C:\Windows\system32\DRIVERS\bulkrazer_x64.sys
22:56:15.0530 5340  bulkadi - ok
22:56:15.0561 5340  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:56:15.0593 5340  cdfs - ok
22:56:15.0655 5340  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:56:15.0686 5340  cdrom - ok
22:56:15.0733 5340  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:56:15.0749 5340  CertPropSvc - ok
22:56:15.0780 5340  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:56:15.0795 5340  circlass - ok
22:56:15.0827 5340  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:56:15.0842 5340  CLFS - ok
22:56:15.0920 5340  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:56:15.0920 5340  clr_optimization_v2.0.50727_32 - ok
22:56:15.0983 5340  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:56:16.0014 5340  clr_optimization_v2.0.50727_64 - ok
22:56:16.0092 5340  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:56:16.0139 5340  clr_optimization_v4.0.30319_32 - ok
22:56:16.0217 5340  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:56:16.0232 5340  clr_optimization_v4.0.30319_64 - ok
22:56:16.0263 5340  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:56:16.0279 5340  CmBatt - ok
22:56:16.0310 5340  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:56:16.0341 5340  cmdide - ok
22:56:16.0388 5340  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:56:16.0435 5340  CNG - ok
22:56:16.0451 5340  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:56:16.0482 5340  Compbatt - ok
22:56:16.0513 5340  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:56:16.0529 5340  CompositeBus - ok
22:56:16.0529 5340  COMSysApp - ok
22:56:16.0544 5340  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:56:16.0560 5340  crcdisk - ok
22:56:16.0591 5340  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:56:16.0591 5340  CryptSvc - ok
22:56:16.0622 5340  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
22:56:16.0669 5340  CSC - ok
22:56:16.0716 5340  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
22:56:16.0716 5340  CscService - ok
22:56:16.0747 5340  [ 6A56407675844CB11E65964EE35E0B46 ] CustomSvc       C:\Program Files\OSD\Service1.exe
22:56:16.0747 5340  CustomSvc - ok
22:56:16.0763 5340  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:56:16.0763 5340  DcomLaunch - ok
22:56:16.0794 5340  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:56:16.0841 5340  defragsvc - ok
22:56:16.0872 5340  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:56:16.0887 5340  DfsC - ok
22:56:16.0919 5340  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:56:16.0919 5340  Dhcp - ok
22:56:16.0919 5340  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:56:16.0919 5340  discache - ok
22:56:16.0950 5340  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:56:16.0965 5340  Disk - ok
22:56:16.0997 5340  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:56:17.0028 5340  Dnscache - ok
22:56:17.0043 5340  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:56:17.0075 5340  dot3svc - ok
22:56:17.0106 5340  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:56:17.0106 5340  DPS - ok
22:56:17.0121 5340  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:56:17.0153 5340  drmkaud - ok
22:56:17.0184 5340  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:56:17.0246 5340  DXGKrnl - ok
22:56:17.0293 5340  [ 72A1AA3C6C79B928D02A6FAD387B1349 ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
22:56:17.0324 5340  eamonm - ok
22:56:17.0355 5340  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:56:17.0371 5340  EapHost - ok
22:56:17.0465 5340  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:56:17.0652 5340  ebdrv - ok
22:56:17.0683 5340  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:56:17.0699 5340  EFS - ok
22:56:17.0714 5340  [ E99457900012B53B2226F146ECAF9136 ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
22:56:17.0745 5340  ehdrv - ok
22:56:17.0777 5340  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:56:17.0839 5340  ehRecvr - ok
22:56:17.0870 5340  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:56:17.0901 5340  ehSched - ok
22:56:17.0979 5340  [ 0A38BD2C9589910C634B10E644D5759C ] EhttpSrv        C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
22:56:17.0995 5340  EhttpSrv - ok
22:56:18.0042 5340  [ E6A6E6D58A8DCB64A0FFBC43863D0A80 ] ekrn            C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
22:56:18.0057 5340  ekrn - ok
22:56:18.0089 5340  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:56:18.0135 5340  elxstor - ok
22:56:18.0167 5340  [ F9D0D6A7A6D48391BE1F314EF7669CE2 ] epfw            C:\Windows\system32\DRIVERS\epfw.sys
22:56:18.0198 5340  epfw - ok
22:56:18.0213 5340  [ 96620AD728144D8E30A7BAEC9DDC811C ] Epfwndis        C:\Windows\system32\DRIVERS\Epfwndis.sys
22:56:18.0260 5340  Epfwndis - ok
22:56:18.0291 5340  [ 16576F3A76F4D0DD83522D69B5EAFAA1 ] epfwwfp         C:\Windows\system32\DRIVERS\epfwwfp.sys
22:56:18.0323 5340  epfwwfp - ok
22:56:18.0338 5340  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:56:18.0369 5340  ErrDev - ok
22:56:18.0401 5340  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:56:18.0401 5340  EventSystem - ok
22:56:18.0416 5340  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:56:18.0479 5340  exfat - ok
22:56:18.0525 5340  [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP           C:\Windows\system32\DRIVERS\facap.sys
22:56:18.0572 5340  FACAP - ok
22:56:18.0650 5340  [ 53E30A6E86AA93C0FFC0BC0439E3E636 ] FAService       C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
22:56:18.0666 5340  FAService - ok
22:56:18.0681 5340  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:56:18.0728 5340  fastfat - ok
22:56:18.0775 5340  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:56:18.0791 5340  Fax - ok
22:56:18.0806 5340  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:56:18.0869 5340  fdc - ok
22:56:18.0900 5340  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:56:18.0900 5340  fdPHost - ok
22:56:18.0915 5340  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:56:18.0931 5340  FDResPub - ok
22:56:18.0947 5340  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:56:18.0978 5340  FileInfo - ok
22:56:19.0009 5340  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:56:19.0025 5340  Filetrace - ok
22:56:19.0040 5340  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:56:19.0056 5340  flpydisk - ok
22:56:19.0087 5340  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:56:19.0149 5340  FltMgr - ok
22:56:19.0181 5340  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
22:56:19.0196 5340  FontCache - ok
22:56:19.0243 5340  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:56:19.0243 5340  FontCache3.0.0.0 - ok
22:56:19.0274 5340  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:56:19.0305 5340  FsDepends - ok
22:56:19.0352 5340  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:56:19.0368 5340  Fs_Rec - ok
22:56:19.0461 5340  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:56:19.0461 5340  fvevol - ok
22:56:19.0493 5340  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:56:19.0555 5340  gagp30kx - ok
22:56:19.0633 5340  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:56:19.0695 5340  GEARAspiWDM - ok
22:56:19.0727 5340  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:56:19.0789 5340  gpsvc - ok
22:56:19.0805 5340  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:56:19.0820 5340  hcw85cir - ok
22:56:19.0867 5340  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:56:19.0898 5340  HdAudAddService - ok
22:56:19.0929 5340  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:56:19.0929 5340  HDAudBus - ok
22:56:19.0945 5340  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:56:19.0992 5340  HidBatt - ok
22:56:20.0023 5340  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:56:20.0054 5340  HidBth - ok
22:56:20.0070 5340  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:56:20.0117 5340  HidIr - ok
22:56:20.0148 5340  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:56:20.0148 5340  hidserv - ok
22:56:20.0195 5340  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
22:56:20.0210 5340  HidUsb - ok
22:56:20.0241 5340  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:56:20.0273 5340  hkmsvc - ok
22:56:20.0319 5340  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:56:20.0351 5340  HomeGroupListener - ok
22:56:20.0397 5340  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:56:20.0397 5340  HomeGroupProvider - ok
22:56:20.0444 5340  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:56:20.0460 5340  HpSAMD - ok
22:56:20.0522 5340  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:56:20.0522 5340  HTTP - ok
22:56:20.0553 5340  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:56:20.0553 5340  hwpolicy - ok
22:56:20.0585 5340  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:56:20.0616 5340  i8042prt - ok
22:56:20.0663 5340  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:56:20.0709 5340  iaStorV - ok
22:56:20.0741 5340  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:56:20.0865 5340  idsvc - ok
22:56:20.0897 5340  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:56:20.0912 5340  iirsp - ok
22:56:20.0959 5340  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:56:21.0021 5340  IKEEXT - ok
22:56:21.0037 5340  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:56:21.0053 5340  intelide - ok
22:56:21.0099 5340  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:56:21.0099 5340  intelppm - ok
22:56:21.0131 5340  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:56:21.0146 5340  IPBusEnum - ok
22:56:21.0177 5340  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:56:21.0193 5340  IpFilterDriver - ok
22:56:21.0224 5340  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:56:21.0224 5340  iphlpsvc - ok
22:56:21.0255 5340  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:56:21.0271 5340  IPMIDRV - ok
22:56:21.0287 5340  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:56:21.0318 5340  IPNAT - ok
22:56:21.0396 5340  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:56:21.0396 5340  iPod Service - ok
22:56:21.0411 5340  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:56:21.0427 5340  IRENUM - ok
22:56:21.0443 5340  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:56:21.0474 5340  isapnp - ok
22:56:21.0505 5340  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:56:21.0536 5340  iScsiPrt - ok
22:56:21.0567 5340  [ 9291643B494F87BFDAC95A524F69E737 ] itecir          C:\Windows\system32\DRIVERS\itecir.sys
22:56:21.0630 5340  itecir - ok
22:56:36.0419 5340  wbengine - ok
22:56:36.0450 5340  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:56:36.0465 5340  WbioSrvc - ok
22:56:36.0497 5340  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:56:36.0528 5340  wcncsvc - ok
22:56:36.0543 5340  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:56:36.0559 5340  WcsPlugInService - ok
22:56:36.0559 5340  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:56:36.0575 5340  Wd - ok
22:56:36.0621 5340  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:56:36.0684 5340  Wdf01000 - ok
22:56:36.0699 5340  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:56:36.0699 5340  WdiServiceHost - ok
22:56:36.0699 5340  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:56:36.0699 5340  WdiSystemHost - ok
22:56:36.0731 5340  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:56:36.0777 5340  WebClient - ok
22:56:36.0793 5340  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:56:36.0809 5340  Wecsvc - ok
22:56:36.0824 5340  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:56:36.0840 5340  wercplsupport - ok
22:56:36.0855 5340  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:56:36.0855 5340  WerSvc - ok
22:56:36.0871 5340  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:56:36.0902 5340  WfpLwf - ok
22:56:36.0949 5340  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
22:56:36.0980 5340  WimFltr - ok
22:56:36.0996 5340  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:56:37.0027 5340  WIMMount - ok
22:56:37.0043 5340  WinDefend - ok
22:56:37.0043 5340  WinHttpAutoProxySvc - ok
22:56:37.0089 5340  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:56:37.0136 5340  Winmgmt - ok
22:56:37.0199 5340  [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0  C:\Program Files\OSD\WinRing0x64.sys
22:56:37.0199 5340  WinRing0_1_2_0 - ok
22:56:37.0245 5340  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:56:37.0370 5340  WinRM - ok
22:56:37.0417 5340  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:56:37.0448 5340  WinUsb - ok
22:56:37.0479 5340  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:56:37.0479 5340  Wlansvc - ok
22:56:37.0511 5340  [ 6DB47E66DCCF04342C5F2A67A0EDB17E ] wltrysvc        C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
22:56:37.0511 5340  wltrysvc - ok
22:56:37.0557 5340  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:56:37.0573 5340  WmiAcpi - ok
22:56:37.0604 5340  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:56:37.0635 5340  wmiApSrv - ok
22:56:37.0651 5340  WMPNetworkSvc - ok
22:56:37.0667 5340  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:56:37.0682 5340  WPCSvc - ok
22:56:37.0713 5340  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:56:37.0713 5340  WPDBusEnum - ok
22:56:37.0729 5340  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:56:37.0745 5340  ws2ifsl - ok
22:56:37.0760 5340  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:56:37.0776 5340  wscsvc - ok
22:56:37.0791 5340  WSearch - ok
22:56:37.0838 5340  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:56:37.0854 5340  wuauserv - ok
22:56:37.0885 5340  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:56:37.0901 5340  WudfPf - ok
22:56:37.0932 5340  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:56:37.0947 5340  WUDFRd - ok
22:56:37.0979 5340  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:56:37.0979 5340  wudfsvc - ok
22:56:37.0994 5340  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:56:38.0025 5340  WwanSvc - ok
22:56:38.0041 5340  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
22:56:38.0103 5340  yukonw7 - ok
22:56:38.0181 5340  [ 74983ADDCA2D9618512C088D856D6615 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
22:56:38.0197 5340  {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
22:56:38.0197 5340  ================ Scan global ===============================
22:56:38.0213 5340  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:56:38.0259 5340  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:56:38.0291 5340  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:56:38.0306 5340  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:56:38.0337 5340  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:56:38.0369 5340  [Global] - ok
22:56:38.0369 5340  ================ Scan MBR ==================================
22:56:38.0384 5340  [ 45D5AEAA31FCDCC6A130BBF88C915990 ] \Device\Harddisk0\DR0
22:56:38.0883 5340  \Device\Harddisk0\DR0 - ok
22:56:38.0883 5340  ================ Scan VBR ==================================
22:56:38.0883 5340  [ 781C3B652F94AE079075D38E20BCFA6C ] \Device\Harddisk0\DR0\Partition1
22:56:38.0883 5340  \Device\Harddisk0\DR0\Partition1 - ok
22:56:38.0883 5340  ============================================================
22:56:38.0883 5340  Scan finished
22:56:38.0883 5340  ============================================================
22:56:38.0899 5328  Detected object count: 0
22:56:38.0899 5328  Actual detected object count: 0
         
Best regards!
__________________

23.11.2012, 08:15   #4
Psychotic
/// Malwareteam
 



Looks like you got lucky!

It looks quite good - let's check everything once more!


Step 1: MBAM full scan

  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show Results.
  • Make sure that all detections are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".



Step 2: ESET


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!

28.11.2012, 15:23   #5
Psychotic
/// Malwareteam
 



Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.


03.12.2012, 08:34   #6
Psychotic
/// Malwareteam
 



Missing feedback
This thread has been removed from my subscriptions. I will therefore receive no notification of new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread