Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Musik im Hintergrund wenn Browser offen ist WIN7

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.03.2013, 18:16   #1
txea
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



Hallo liebe Community,

Ich vermute,dass mein Rechner mit einem Virus infiziert ist, da ich durch die SuFu einen User gefunden habe, welcher dasselbe bzw ein ähnliches Problem hatte (http://www.trojaner-board.de/124178-...-platinum.html).
Und zwar erscheint immer komische Musik oder Werbung für einen Lamborghini im Hintergrund sobald ich einen Browser öffne. Egal ob Firefox, IE, Chrome oder Opera.
Angefangen hat alles vor ca 4 Tagen, als ich mir bei thepiratebay etwas runtergeladen habe.

Ich selbst kenne mich überhaupt nicht mit Viren oder ähnlichem aus. Ich wäre wirklich dankbar für eure Hilfe!!



Lieber Gruß

txea


#e habe jetzt ein paar Sachen drüber laufen lassen, welche ich angehängt habe (die OTL log kann ich nicht anhängen,er sagt mir sie ist zu groß mit 102kb)

Geändert von txea (13.03.2013 um 19:00 Uhr)

Alt 13.03.2013, 19:15   #2
aharonov
/// TB-Ausbilder
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



Hallo txea,

Zitat:
als ich mir bei thepiratebay etwas runtergeladen habe.
Dort etwas runterzuladen ist wirklich nicht besonders schlau (wie du jetzt wohl selbst bemerkt hast).
Was hast du dort genau heruntergeladen? (Beim Vorhandensein von illegaler Software stellen wir hier den Support jeweils ein.)

Zitat:
die OTL log kann ich nicht anhängen
Die Logfiles bitte nicht anhängen, sondern deren Inhalt direkt innerhalb von Codetags einfügen: [code]Inhalt Logfile[/code].
__________________

__________________

Alt 13.03.2013, 19:41   #3
txea
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



ich weiß nicht was das war, ein User mit dem ich ein Onlinespiel zusammen spiele meinte ich soll mir das mal laden und sagen wie ich es finde. Er hat mir den Link geschickt ich habe es geladen und geöffnet, jedoch ist nichts passiert. Ich kannte diese Seite ja nicht, also wusste ich nicht, dass das schädlich für meinen PC sein könnte.
Code:
ATTFilter
OTL logfile created on: 13.03.2013 18:46:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JEEZY\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 34,09% Memory free
6,98 Gb Paging File | 4,27 Gb Available in Paging File | 61,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,53 Gb Total Space | 10,48 Gb Free Space | 17,61% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1273,62 Gb Free Space | 91,15% Space Free | Partition Type: NTFS
 
Computer Name: JEEZY1 | User Name: JEEZY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.13 18:40:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JEEZY\Desktop\OTL.exe
PRC - [2013.03.09 15:33:09 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2013.03.08 18:47:49 | 000,917,400 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.02.23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.02.23 02:33:26 | 000,389,928 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2013.02.23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2013.02.21 19:48:23 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.02.15 17:23:57 | 000,879,456 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe
PRC - [2012.12.17 11:39:02 | 000,615,440 | ---- | M] () -- D:\Program Files\EslWire\service\WireHelperSvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.09.05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- D:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.02 15:28:56 | 000,361,216 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.09 15:33:08 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013.03.08 18:47:49 | 003,069,848 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.02.15 17:23:59 | 000,835,584 | ---- | M] () -- C:\Programme\Opera\gstreamer\gstreamer.dll
MOD - [2013.02.15 17:23:59 | 000,312,832 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013.02.15 17:23:59 | 000,158,208 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013.02.15 17:23:59 | 000,101,888 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013.02.15 17:23:59 | 000,096,256 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013.02.15 17:23:59 | 000,094,208 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013.02.15 17:23:59 | 000,093,696 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013.02.15 17:23:59 | 000,073,728 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013.02.15 17:23:59 | 000,067,072 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013.02.15 17:23:59 | 000,062,976 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013.02.15 17:23:59 | 000,057,344 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013.02.15 17:23:59 | 000,038,912 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- D:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- D:\Program Files\ROCCAT\Kone[+] Mouse\hiddriver.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.09 15:33:09 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.02.23 02:33:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.02.23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.02.22 02:54:48 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013.02.16 01:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.17 11:39:02 | 000,615,440 | ---- | M] () [Auto | Running] -- D:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.03.09 18:06:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.09.05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.07 22:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.02 15:28:56 | 000,361,216 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe -- (AVP)
SRV - [2010.12.20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM106.sys -- (USBMULCD)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\JEEZY\AppData\Local\Temp\fwldypow.sys -- (fwldypow)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2013.02.22 02:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013.02.22 02:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012.12.17 11:38:54 | 000,867,344 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.08 02:51:30 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2012.04.06 19:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011.11.06 03:06:37 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.08.03 09:58:14 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2011.06.02 10:32:50 | 000,317,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2011.06.02 10:32:50 | 000,101,352 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV - [2011.03.03 16:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010.07.01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010.01.14 21:27:02 | 000,025,376 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (VLAN)
DRV - [2010.01.14 21:27:02 | 000,025,376 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT)
DRV - [2010.01.14 21:26:46 | 000,040,736 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM)
DRV - [2010.01.14 21:26:46 | 000,040,736 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV - [2010.01.14 21:26:34 | 000,033,056 | R--- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=114026&tt=0113_6&babsrc=HP_ss&mntrId=6ee7012200000000000000ff5ef94524
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 36 37 4F F0 9B CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114026&tt=0113_6&babsrc=SP_ss&mntrId=6ee7012200000000000000ff5ef94524
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.5&q="
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.03.08 18:47:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\extensions\firejump@firejump.net [2012.05.05 10:39:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.03.08 18:47:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
 
[2011.11.05 20:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Extensions
[2013.03.06 18:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions
[2012.07.27 05:34:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.05 10:39:55 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions\firejump@firejump.net
[2013.03.06 18:05:33 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions\ich@maltegoetz.de
[2013.02.23 09:37:18 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions\toolbar@web.de
[2012.11.02 14:56:01 | 000,077,464 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\ciuvo-extension@billiger.de.xpi
[2012.08.26 18:58:28 | 000,101,863 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\ciuvo-extension@icq.de.xpi
[2012.12.30 19:54:44 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2013.02.20 16:59:09 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2013.01.04 01:01:31 | 000,002,432 | ---- | M] () -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\searchplugins\babylon1.xml
[2013.03.11 17:57:09 | 000,000,950 | ---- | M] () -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\searchplugins\icqplugin-1.xml
[2012.12.28 18:07:17 | 000,001,056 | ---- | M] () -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\searchplugins\icqplugin.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Docs = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.10.06 08:09:09 | 000,001,297 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 255.255.255.255    easyanticheat.se    # misleading site
O1 - Hosts: 255.255.255.255    www.easyanticheat.se    # misleading site
O1 - Hosts: 255.255.255.255    easyanticheat.com    # misleading site
O1 - Hosts: 255.255.255.255    www.easyanticheat.com    # misleading site
O1 - Hosts: 255.255.255.255    easyanticheat.info    # misleading site
O1 - Hosts: 255.255.255.255    www.easyanticheat.info    # misleading site
O1 - Hosts: 255.255.255.255    easyanticheat.org    # misleading site
O1 - Hosts: 255.255.255.255    www.easyanticheat.org    # misleading site
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [RoccatKone+] D:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [speedvid] C:\Programme\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe (SpeedVID Accelerator)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\JEEZY\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] D:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Irsacu] C:\Users\JEEZY\AppData\Roaming\Doelna\zaesw.exe File not found
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JEEZY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\ie_banner_deny.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EF94524-B58F-4D8C-AEA3-40728AEDA34B}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7072BE6F-DBB1-44D3-B0BB-C77C59CD5E1D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\kloehk.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.13 18:40:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JEEZY\Desktop\OTL.exe
[2013.03.13 18:33:54 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Roaming\Malwarebytes
[2013.03.13 18:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.13 18:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.13 18:33:33 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.13 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Roaming\Hotspot Shield
[2013.03.13 06:20:17 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{848EEA9D-93E2-43B9-9066-7E75167CACD3}
[2013.03.12 16:58:51 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{32E2F4BE-C239-4610-90D5-DB1C2B5192F5}
[2013.03.11 17:42:28 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{B6D04BA0-AFD9-49C5-BF6C-1027C06748DC}
[2013.03.10 18:20:29 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{282767F1-8AD9-4C73-8EBB-2D15A43576FF}
[2013.03.10 04:52:03 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{5479D843-A6C6-499F-B831-8439DC0343F0}
[2013.03.09 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\Documents\ManiaPlanet
[2013.03.09 17:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet
[2013.03.09 16:24:21 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\Macromedia
[2013.03.09 15:32:34 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\Documents\My Games
[2013.03.09 08:58:48 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{13270695-25BD-405A-8774-D38B516E5E83}
[2013.03.08 18:45:49 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{59F27150-C4D8-4104-AA02-4031C255E7E1}
[2013.03.08 06:45:26 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{D6844212-8BAC-4CC2-9735-62A8FBCC5ADB}
[2013.03.07 15:41:37 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{08EDF804-C6F4-4E91-B1B7-FEB2A8868967}
[2013.03.06 17:57:59 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{BE657D5D-9BF8-48B4-8EDF-F2EA353F52E6}
[2013.03.05 16:59:21 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{62AC2EA0-53FD-4737-A63A-2D3CBC2D942C}
[2013.03.04 12:36:33 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN
[2013.03.04 12:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\PrivitizeVPN
[2013.03.04 07:37:00 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{EF5457BC-169F-4FBC-BC84-B55AF0D3121C}
[2013.03.03 08:24:48 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{F619A86A-58C1-4349-BB29-2E1279B144AC}
[2013.03.02 18:56:13 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\Desktop\xyyy
[2013.03.02 08:28:39 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{088675A9-A353-4668-9545-4C9F27DDA4DE}
[2013.03.01 08:35:24 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{B7476F08-1590-4474-88D9-6B982928F6E2}
[2013.02.28 19:41:13 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{42A4BC10-74EB-45B6-94AE-7C2F6A1C732E}
[2013.02.27 18:40:43 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{34A76B59-87F8-4BFB-B7F4-A8488C42C72E}
[2013.02.27 06:40:19 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{E4C6DE94-3463-445E-954C-08ACC884A93D}
[2013.02.26 07:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.26 07:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.26 07:54:05 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{038F85B3-0437-4E06-A222-A427311832A9}
[2013.02.25 06:50:39 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{91906DC9-2545-42C0-B135-DB8C6D331F1D}
[2013.02.24 08:10:29 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{91FC1C01-7701-4E05-B87C-DD532124857E}
[2013.02.23 09:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.23 09:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.02.23 09:17:38 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{F851713B-47CA-4933-8BAC-BC98712AC615}
[2013.02.22 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{D49FBA95-891A-425D-8B57-63AC5E26B008}
[2013.02.22 02:50:36 | 000,037,064 | ---- | C] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys
[2013.02.22 02:37:16 | 000,040,136 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2013.02.21 19:38:40 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{343FEAC0-1A8E-41B8-BE61-363F91E05904}
[2013.02.20 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{FA038185-FBE0-49E2-9F3D-FA589DDA95D3}
[2013.02.19 16:57:59 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{6A946F5A-10A0-4379-B8F1-1F78BA520192}
[2013.02.18 18:39:02 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{DAA566C7-8CFD-4C08-B3BE-CBC73A0856BB}
[2013.02.17 16:57:12 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{3E84B599-8ABD-45BA-AB21-FCC2C4A37270}
[2013.02.16 08:36:12 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{324900D5-BD35-480C-B97B-89D6B0664098}
[2013.02.15 08:35:33 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{A40328DD-F743-4E8B-AE67-1EB46DEAB0E3}
[2013.02.14 09:09:16 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{4A30E1E7-47CC-4690-84D7-725D630FA3B6}
[2013.02.13 10:18:21 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{96CE90C5-7938-475F-BC15-5DCA1769F815}
[2013.02.12 07:46:55 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{54A83F81-6F4F-4FC3-AD56-5B4FB5BC60E2}
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.13 18:40:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JEEZY\Desktop\OTL.exe
[2013.03.13 18:33:34 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.13 18:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.13 17:53:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.13 17:07:30 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 17:07:30 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 17:05:00 | 007,894,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.13 17:05:00 | 002,732,056 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.13 17:05:00 | 002,378,514 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.13 17:05:00 | 002,126,820 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.13 16:59:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.13 16:59:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 16:59:12 | 2810,097,664 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.12 19:36:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1221864313-813813898-1403309165-1000UA.job
[2013.03.11 20:35:38 | 000,082,828 | ---- | M] () -- C:\Users\JEEZY\Desktop\258612_10200208895244234_1837282503_o.jpg
[2013.03.09 16:52:12 | 000,000,216 | ---- | M] () -- C:\Users\JEEZY\Desktop\TrackMania Stadium Open Beta.url
[2013.03.09 16:36:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1221864313-813813898-1403309165-1000Core.job
[2013.03.09 10:38:29 | 000,001,278 | ---- | M] () -- C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.03.05 17:54:06 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.04 11:28:18 | 000,019,985 | ---- | M] () -- C:\Users\JEEZY\Desktop\581040_606049756076002_496179024_n.jpg
[2013.03.03 10:44:43 | 000,362,063 | ---- | M] () -- C:\Users\JEEZY\Desktop\322763_3035941936707_1353384534_o.jpg
[2013.03.03 10:27:32 | 000,076,290 | ---- | M] () -- C:\Users\JEEZY\Desktop\theaestheticscrewlogo1.jpg
[2013.02.26 16:34:22 | 000,013,359 | ---- | M] () -- C:\Users\JEEZY\Desktop\coco chanel logo.jpg
[2013.02.26 16:32:03 | 000,004,304 | ---- | M] () -- C:\Users\JEEZY\Desktop\bvlgari_logo.jpg
[2013.02.26 16:22:41 | 000,007,573 | ---- | M] () -- C:\Users\JEEZY\Desktop\Louis-Vuitton-logo.jpg
[2013.02.26 16:19:13 | 000,007,185 | ---- | M] () -- C:\Users\JEEZY\Desktop\Yves-Saint-Laurent-Logo.jpeg
[2013.02.26 16:15:23 | 000,014,462 | ---- | M] () -- C:\Users\JEEZY\Desktop\46550_473544462676915_1975152977_n.jpg
[2013.02.23 09:37:02 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.22 02:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys
[2013.02.22 02:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2013.02.14 17:53:45 | 029,241,680 | ---- | M] () -- C:\Users\JEEZY\ts3_recording_13_02_14_17_51_12.wav
[2013.02.14 16:53:48 | 008,559,440 | ---- | M] () -- C:\Users\JEEZY\one direction what makes you beautiful.wav
[2013.02.13 15:35:38 | 000,269,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.13 18:33:34 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.11 20:35:38 | 000,082,828 | ---- | C] () -- C:\Users\JEEZY\Desktop\258612_10200208895244234_1837282503_o.jpg
[2013.03.09 16:52:12 | 000,000,216 | ---- | C] () -- C:\Users\JEEZY\Desktop\TrackMania Stadium Open Beta.url
[2013.03.09 15:33:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.04 11:28:16 | 000,019,985 | ---- | C] () -- C:\Users\JEEZY\Desktop\581040_606049756076002_496179024_n.jpg
[2013.03.03 10:44:43 | 000,362,063 | ---- | C] () -- C:\Users\JEEZY\Desktop\322763_3035941936707_1353384534_o.jpg
[2013.03.03 10:27:31 | 000,076,290 | ---- | C] () -- C:\Users\JEEZY\Desktop\theaestheticscrewlogo1.jpg
[2013.02.26 16:34:21 | 000,013,359 | ---- | C] () -- C:\Users\JEEZY\Desktop\coco chanel logo.jpg
[2013.02.26 16:32:02 | 000,004,304 | ---- | C] () -- C:\Users\JEEZY\Desktop\bvlgari_logo.jpg
[2013.02.26 16:22:40 | 000,007,573 | ---- | C] () -- C:\Users\JEEZY\Desktop\Louis-Vuitton-logo.jpg
[2013.02.26 16:19:13 | 000,007,185 | ---- | C] () -- C:\Users\JEEZY\Desktop\Yves-Saint-Laurent-Logo.jpeg
[2013.02.26 16:15:21 | 000,014,462 | ---- | C] () -- C:\Users\JEEZY\Desktop\46550_473544462676915_1975152977_n.jpg
[2013.02.23 09:37:02 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.23 09:37:02 | 000,000,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.14 17:51:13 | 029,241,680 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_13_02_14_17_51_12.wav
[2013.02.14 16:53:02 | 008,559,440 | ---- | C] () -- C:\Users\JEEZY\one direction what makes you beautiful.wav
[2012.11.25 13:55:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.11.18 03:01:11 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.10.12 14:24:53 | 000,944,720 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_10_12_15_24_50.wav
[2012.10.11 19:31:18 | 079,175,120 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_10_11_20_31_10.wav
[2012.08.15 20:48:17 | 038,559,440 | ---- | C] () -- C:\Users\JEEZY\meilenstein nilson.wav
[2012.07.13 21:40:35 | 117,982,160 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_07_13_22_40_33.wav
[2012.07.10 19:26:29 | 000,005,120 | ---- | C] () -- C:\Users\JEEZY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.01 17:47:15 | 006,754,640 | ---- | C] () -- C:\Users\JEEZY\LORUS.wav
[2012.06.21 22:12:40 | 013,499,600 | ---- | C] () -- C:\Users\JEEZY\snt.wav
[2012.04.24 16:04:48 | 000,716,240 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_24_17_4_47.wav
[2012.04.13 17:29:25 | 000,612,560 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_13_18_29_23.wav
[2012.04.12 22:16:55 | 001,036,880 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_12_23_16_54.wav
[2012.04.09 20:03:07 | 023,005,520 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_09_21_3_5.wav
[2012.03.11 16:38:16 | 044,995,280 | ---- | C] () -- C:\Users\JEEZY\singen.wav
[2012.02.20 19:59:46 | 001,772,240 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_02_20_19_59_44.wav
[2012.02.16 21:56:54 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.02.12 19:03:50 | 023,913,680 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_02_12_19_3_48.wav
[2011.12.30 04:46:42 | 053,118,764 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_11_12_30_4_46_40.wav
[2011.12.14 19:39:22 | 000,141,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.12.14 19:39:22 | 000,138,056 | ---- | C] () -- C:\Users\JEEZY\AppData\Roaming\PnkBstrK.sys
[2011.12.14 19:38:56 | 000,281,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.12.14 19:38:55 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.12.10 17:12:41 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.07 18:01:44 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.11.06 21:08:31 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.11.06 03:06:54 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.11.06 03:06:54 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.11.05 20:54:30 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.11.05 20:24:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011.11.05 20:21:21 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.11.05 20:20:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.05 20:20:15 | 000,028,578 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.14 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Alxase
[2013.01.04 01:01:13 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Babylon
[2011.11.05 20:29:56 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\DAEMON Tools Pro
[2012.02.16 21:56:51 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\DesktopIconForAmazon
[2012.08.14 22:13:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Doelna
[2013.03.13 16:59:33 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Dropbox
[2012.11.09 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\FileZilla
[2012.07.20 14:18:26 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\fltk.org
[2013.03.12 20:05:18 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\HLSW
[2013.03.13 18:06:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Hotspot Shield
[2013.03.13 16:59:28 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\ICQ
[2012.02.20 22:53:20 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\java
[2012.02.18 23:08:21 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\LolClient
[2012.08.14 22:35:32 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Matii
[2012.12.15 23:36:19 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Opera
[2012.08.12 16:53:07 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Publish Providers
[2012.02.09 16:18:16 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Screaming Bee
[2012.08.12 16:53:03 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Sony
[2012.07.27 13:24:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\SplitMediaLabs
[2012.02.20 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\TeamViewer
[2012.02.12 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Teeworlds
[2013.03.13 18:46:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\TS3Client
[2011.11.06 02:40:07 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\ts3overlay
 
========== Purity Check ==========


< End of report >
         
e# Mein GMER scannt schon eine halbe ewigkeit. Ich lade es hoch sobald es fertig ist.
__________________

Geändert von txea (13.03.2013 um 19:46 Uhr)

Alt 13.03.2013, 20:02   #4
aharonov
/// TB-Ausbilder
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



Zitat:
Mein GMER scannt schon eine halbe ewigkeit. Ich lade es hoch sobald es fertig ist.
In Ordnung, sobald das Gmer-Log da ist, geht's weiter.
__________________
cheers,
Leo

Alt 14.03.2013, 05:57   #5
txea
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



Guten Morgen aharonov,

nachdem GMER nach 5h noch nicht fertig war, habe ich es über Nacht laufen lassen. Als ich heute früh an den Rechner
um zu schauen wie weit es ist, habe ich bemerkt das er sich neugestartet hatte. Auf dem Desktop sind nun 2 versteckte
files "desktop.ini". Die eine lässt sich öffnen und es steht folgendes drin :
Code:
ATTFilter
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183]
         
Bei der zweiten Datei kommt die Meldung "Zugriff verweigert".

Ich habe keine Ahnung was passiert ist über Nacht. Falls das Normal ist bin ich froh, wenn nicht lasse ich es nach dem
Arbeiten nochmal drüberlaufen.

lg


Geändert von txea (14.03.2013 um 06:24 Uhr)

Alt 14.03.2013, 14:23   #6
aharonov
/// TB-Ausbilder
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



Hi,

das mit GMER scheint nicht so ganz geklappt zu haben.
Lass es mal sein und mach stattdessen das:


Schritt 1

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinen Desktop.
  • Starte die aswMBR.exe.
    Vista und Win7 User mit Rechtsklick "als Admininstartor ausführen".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von avast! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff aufs Internet zulassen.)
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte, bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere die Datei auf dem Desktop.
Poste mir diese aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung.

Hinweis: Sollte der Scan Button ausgeblendet sein, schliesse das Tool und starte es erneut. Sollte es erneut nicht klappen, teile mir das bitte mit.



Schritt 2

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts löschen, sondern nur einen Scan-Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop.
  • Starte die TDSSKiller.exe.
  • Drücke Start Scan.
  • Warnung: Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
  • TDSSKiller wird ein Logfile auf deinem Systemlaufwerk speichern (C:\TDSSKiller.<version_date_time>log.txt).
  • Poste bitte den Inhalt dieses Logfiles hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von aswMBR
  • Log von TDSSKiller
__________________
--> Musik im Hintergrund wenn Browser offen ist WIN7

Alt 14.03.2013, 22:09   #7
txea
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



TDSSKiller
Code:
ATTFilter
22:07:53.0414 3188  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:07:53.0699 3188  ============================================================
22:07:53.0699 3188  Current date / time: 2013/03/14 22:07:53.0699
22:07:53.0699 3188  SystemInfo:
22:07:53.0699 3188  
22:07:53.0699 3188  OS Version: 6.1.7601 ServicePack: 1.0
22:07:53.0699 3188  Product type: Workstation
22:07:53.0699 3188  ComputerName: JEEZY1
22:07:53.0699 3188  UserName: JEEZY
22:07:53.0699 3188  Windows directory: C:\Windows
22:07:53.0699 3188  System windows directory: C:\Windows
22:07:53.0699 3188  Processor architecture: Intel x86
22:07:53.0699 3188  Number of processors: 8
22:07:53.0699 3188  Page size: 0x1000
22:07:53.0699 3188  Boot type: Normal boot
22:07:53.0699 3188  ============================================================
22:07:53.0914 3188  Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:07:53.0914 3188  Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:07:53.0927 3188  ============================================================
22:07:53.0927 3188  \Device\Harddisk0\DR0:
22:07:53.0927 3188  MBR partitions:
22:07:53.0927 3188  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:07:53.0927 3188  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
22:07:53.0927 3188  \Device\Harddisk1\DR1:
22:07:53.0927 3188  MBR partitions:
22:07:53.0927 3188  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
22:07:53.0927 3188  ============================================================
22:07:53.0928 3188  C: <-> \Device\Harddisk0\DR0\Partition2
22:07:53.0969 3188  D: <-> \Device\Harddisk1\DR1\Partition1
22:07:53.0969 3188  ============================================================
22:07:53.0969 3188  Initialize success
22:07:53.0969 3188  ============================================================
22:07:59.0914 6664  ============================================================
22:07:59.0914 6664  Scan started
22:07:59.0914 6664  Mode: Manual; 
22:07:59.0914 6664  ============================================================
22:08:00.0915 6664  ================ Scan system memory ========================
22:08:00.0915 6664  System memory - ok
22:08:00.0915 6664  ================ Scan services =============================
22:08:00.0945 6664  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:08:00.0947 6664  1394ohci - ok
22:08:00.0951 6664  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:08:00.0954 6664  ACPI - ok
22:08:00.0957 6664  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:08:00.0957 6664  AcpiPmi - ok
22:08:00.0962 6664  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:08:00.0963 6664  AdobeARMservice - ok
22:08:00.0967 6664  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:08:00.0969 6664  AdobeFlashPlayerUpdateSvc - ok
22:08:00.0974 6664  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:08:00.0977 6664  adp94xx - ok
22:08:00.0981 6664  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:08:00.0983 6664  adpahci - ok
22:08:00.0986 6664  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:08:00.0988 6664  adpu320 - ok
22:08:00.0991 6664  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:08:00.0992 6664  AeLookupSvc - ok
22:08:00.0998 6664  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
22:08:01.0001 6664  AFD - ok
22:08:01.0003 6664  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
22:08:01.0004 6664  agp440 - ok
22:08:01.0007 6664  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
22:08:01.0008 6664  aic78xx - ok
22:08:01.0011 6664  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
22:08:01.0012 6664  ALG - ok
22:08:01.0013 6664  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:08:01.0014 6664  aliide - ok
22:08:01.0016 6664  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:08:01.0017 6664  amdagp - ok
22:08:01.0019 6664  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:08:01.0019 6664  amdide - ok
22:08:01.0021 6664  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:08:01.0022 6664  AmdK8 - ok
22:08:01.0024 6664  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:08:01.0024 6664  AmdPPM - ok
22:08:01.0026 6664  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:08:01.0027 6664  amdsata - ok
22:08:01.0030 6664  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:08:01.0032 6664  amdsbs - ok
22:08:01.0034 6664  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:08:01.0035 6664  amdxata - ok
22:08:01.0037 6664  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
22:08:01.0038 6664  AppID - ok
22:08:01.0040 6664  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:08:01.0040 6664  AppIDSvc - ok
22:08:01.0043 6664  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
22:08:01.0043 6664  Appinfo - ok
22:08:01.0048 6664  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:08:01.0050 6664  Apple Mobile Device - ok
22:08:01.0053 6664  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:08:01.0054 6664  arc - ok
22:08:01.0056 6664  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:08:01.0057 6664  arcsas - ok
22:08:01.0060 6664  [ A3938D491EAEE2B83D3A3631C3273182 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
22:08:01.0061 6664  asmthub3 - ok
22:08:01.0065 6664  [ FE5FFED1DBA8DA0C9064202207301BA4 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
22:08:01.0067 6664  asmtxhci - ok
22:08:01.0070 6664  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:08:01.0070 6664  AsyncMac - ok
22:08:01.0073 6664  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
22:08:01.0073 6664  atapi - ok
22:08:01.0080 6664  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:08:01.0084 6664  AudioEndpointBuilder - ok
22:08:01.0089 6664  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:08:01.0091 6664  Audiosrv - ok
22:08:01.0099 6664  [ 7DF7099F05453D3DBA427A1D2713A414 ] AVP             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe
22:08:01.0102 6664  AVP - ok
22:08:01.0105 6664  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:08:01.0106 6664  AxInstSV - ok
22:08:01.0111 6664  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
22:08:01.0115 6664  b06bdrv - ok
22:08:01.0119 6664  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
22:08:01.0121 6664  b57nd60x - ok
22:08:01.0130 6664  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:08:01.0131 6664  BDESVC - ok
22:08:01.0132 6664  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:08:01.0133 6664  Beep - ok
22:08:01.0139 6664  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
22:08:01.0144 6664  BFE - ok
22:08:01.0150 6664  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
22:08:01.0157 6664  BITS - ok
22:08:01.0159 6664  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:08:01.0160 6664  blbdrive - ok
22:08:01.0165 6664  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:08:01.0169 6664  Bonjour Service - ok
22:08:01.0171 6664  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:08:01.0172 6664  bowser - ok
22:08:01.0174 6664  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:08:01.0174 6664  BrFiltLo - ok
22:08:01.0176 6664  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:08:01.0176 6664  BrFiltUp - ok
22:08:01.0179 6664  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
22:08:01.0180 6664  Browser - ok
22:08:01.0184 6664  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:08:01.0186 6664  Brserid - ok
22:08:01.0188 6664  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:08:01.0189 6664  BrSerWdm - ok
22:08:01.0191 6664  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:08:01.0192 6664  BrUsbMdm - ok
22:08:01.0193 6664  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:08:01.0194 6664  BrUsbSer - ok
22:08:01.0196 6664  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:08:01.0196 6664  BTHMODEM - ok
22:08:01.0199 6664  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
22:08:01.0200 6664  bthserv - ok
22:08:01.0204 6664  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:08:01.0205 6664  cdfs - ok
22:08:01.0209 6664  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
22:08:01.0209 6664  cdrom - ok
22:08:01.0213 6664  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:08:01.0214 6664  CertPropSvc - ok
22:08:01.0216 6664  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:08:01.0217 6664  circlass - ok
22:08:01.0220 6664  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
22:08:01.0223 6664  CLFS - ok
22:08:01.0231 6664  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:08:01.0233 6664  clr_optimization_v2.0.50727_32 - ok
22:08:01.0240 6664  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:08:01.0246 6664  clr_optimization_v4.0.30319_32 - ok
22:08:01.0254 6664  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:08:01.0254 6664  CmBatt - ok
22:08:01.0256 6664  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:08:01.0256 6664  cmdide - ok
22:08:01.0261 6664  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
22:08:01.0264 6664  CNG - ok
22:08:01.0266 6664  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:08:01.0267 6664  Compbatt - ok
22:08:01.0269 6664  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:08:01.0269 6664  CompositeBus - ok
22:08:01.0271 6664  COMSysApp - ok
22:08:01.0273 6664  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:08:01.0273 6664  crcdisk - ok
22:08:01.0277 6664  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:08:01.0278 6664  CryptSvc - ok
22:08:01.0284 6664  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:08:01.0288 6664  DcomLaunch - ok
22:08:01.0291 6664  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:08:01.0293 6664  defragsvc - ok
22:08:01.0296 6664  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:08:01.0297 6664  DfsC - ok
22:08:01.0301 6664  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:08:01.0303 6664  Dhcp - ok
22:08:01.0305 6664  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
22:08:01.0306 6664  discache - ok
22:08:01.0308 6664  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:08:01.0309 6664  Disk - ok
22:08:01.0312 6664  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:08:01.0313 6664  Dnscache - ok
22:08:01.0317 6664  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:08:01.0318 6664  dot3svc - ok
22:08:01.0322 6664  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
22:08:01.0323 6664  DPS - ok
22:08:01.0325 6664  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:08:01.0325 6664  drmkaud - ok
22:08:01.0333 6664  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:08:01.0339 6664  DXGKrnl - ok
22:08:01.0341 6664  EagleXNt - ok
22:08:01.0345 6664  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
22:08:01.0346 6664  EapHost - ok
22:08:01.0374 6664  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
22:08:01.0398 6664  ebdrv - ok
22:08:01.0401 6664  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
22:08:01.0402 6664  EFS - ok
22:08:01.0410 6664  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:08:01.0416 6664  ehRecvr - ok
22:08:01.0418 6664  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
22:08:01.0420 6664  ehSched - ok
22:08:01.0426 6664  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:08:01.0430 6664  elxstor - ok
22:08:01.0432 6664  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:08:01.0432 6664  ErrDev - ok
22:08:01.0435 6664  [ 3F3126A8F73E92F8EB369D54977D9E15 ] ESLvnic1        C:\Windows\system32\DRIVERS\ESLvnic.sys
22:08:01.0436 6664  ESLvnic1 - ok
22:08:01.0446 6664  [ 5F579784A1663B67A849039BF74994BF ] ESLWireAC       C:\Windows\system32\drivers\ESLWireACD.sys
22:08:01.0453 6664  ESLWireAC - ok
22:08:01.0551 6664  [ 54187445E0A4DF6741DD382C5C38B848 ] EslWireHelper   D:\Program Files\EslWire\service\WireHelperSvc.exe
22:08:01.0556 6664  EslWireHelper - ok
22:08:01.0560 6664  [ 6B93B103242C3C30F850F53DBE39ED88 ] EuMusDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\vrtaucbl.sys
22:08:01.0561 6664  EuMusDesignVirtualAudioCableWdm - ok
22:08:01.0566 6664  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
22:08:01.0568 6664  EventSystem - ok
22:08:01.0571 6664  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
22:08:01.0573 6664  exfat - ok
22:08:01.0576 6664  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:08:01.0577 6664  fastfat - ok
22:08:01.0584 6664  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
22:08:01.0588 6664  Fax - ok
22:08:01.0590 6664  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:08:01.0591 6664  fdc - ok
22:08:01.0593 6664  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
22:08:01.0594 6664  fdPHost - ok
22:08:01.0596 6664  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
22:08:01.0596 6664  FDResPub - ok
22:08:01.0598 6664  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:08:01.0599 6664  FileInfo - ok
22:08:01.0601 6664  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:08:01.0601 6664  Filetrace - ok
22:08:01.0603 6664  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:08:01.0603 6664  flpydisk - ok
22:08:01.0606 6664  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:08:01.0607 6664  FltMgr - ok
22:08:01.0617 6664  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
22:08:01.0624 6664  FontCache - ok
22:08:01.0627 6664  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:08:01.0628 6664  FontCache3.0.0.0 - ok
22:08:01.0630 6664  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:08:01.0631 6664  FsDepends - ok
22:08:01.0633 6664  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:08:01.0633 6664  Fs_Rec - ok
22:08:01.0636 6664  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:08:01.0638 6664  fvevol - ok
22:08:01.0640 6664  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:08:01.0641 6664  gagp30kx - ok
22:08:01.0643 6664  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:08:01.0643 6664  GEARAspiWDM - ok
22:08:01.0650 6664  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:08:01.0655 6664  gpsvc - ok
22:08:01.0660 6664  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
22:08:01.0660 6664  gupdate - ok
22:08:01.0664 6664  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:08:01.0664 6664  gupdatem - ok
22:08:01.0666 6664  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:08:01.0667 6664  hcw85cir - ok
22:08:01.0671 6664  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:08:01.0674 6664  HdAudAddService - ok
22:08:01.0677 6664  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:08:01.0678 6664  HDAudBus - ok
22:08:01.0680 6664  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:08:01.0680 6664  HidBatt - ok
22:08:01.0682 6664  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:08:01.0683 6664  HidBth - ok
22:08:01.0685 6664  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:08:01.0686 6664  HidIr - ok
22:08:01.0688 6664  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
22:08:01.0689 6664  hidserv - ok
22:08:01.0691 6664  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:08:01.0692 6664  HidUsb - ok
22:08:01.0694 6664  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:08:01.0695 6664  hkmsvc - ok
22:08:01.0699 6664  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:08:01.0701 6664  HomeGroupListener - ok
22:08:01.0704 6664  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:08:01.0707 6664  HomeGroupProvider - ok
22:08:01.0709 6664  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:08:01.0710 6664  HpSAMD - ok
22:08:01.0719 6664  [ CCFA6A6925E4544A8167B753C7DDE345 ] hshld           C:\Program Files\Hotspot Shield\bin\openvpnas.exe
22:08:01.0722 6664  hshld - ok
22:08:01.0727 6664  [ FB2D0CAD5BFE427A81259D2AD68D7B33 ] HssDRV6         C:\Windows\system32\DRIVERS\hssdrv6.sys
22:08:01.0728 6664  HssDRV6 - ok
22:08:01.0735 6664  [ 7321BCA90DD53CC46EFDF1D4D44964E1 ] HssSrv          C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
22:08:01.0738 6664  HssSrv - ok
22:08:01.0740 6664  [ 01BEF3BF1C5262B76981D430E430E89B ] HssTrayService  C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
22:08:01.0740 6664  HssTrayService - ok
22:08:01.0747 6664  [ 2E1DF960A48BDE321881823ABBB2E1C7 ] HssWd           C:\Program Files\Hotspot Shield\bin\hsswd.exe
22:08:01.0749 6664  HssWd - ok
22:08:01.0757 6664  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:08:01.0764 6664  HTTP - ok
22:08:01.0766 6664  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:08:01.0766 6664  hwpolicy - ok
22:08:01.0769 6664  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:08:01.0769 6664  i8042prt - ok
22:08:01.0773 6664  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:08:01.0776 6664  iaStorV - ok
22:08:01.0785 6664  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:08:01.0794 6664  idsvc - ok
22:08:01.0796 6664  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:08:01.0797 6664  iirsp - ok
22:08:01.0805 6664  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:08:01.0811 6664  IKEEXT - ok
22:08:01.0842 6664  [ 6BEA3C6C9B0DC7BB92A54154796895B7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:08:01.0870 6664  IntcAzAudAddService - ok
22:08:01.0873 6664  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:08:01.0873 6664  intelide - ok
22:08:01.0875 6664  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:08:01.0876 6664  intelppm - ok
22:08:01.0878 6664  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:08:01.0879 6664  IPBusEnum - ok
22:08:01.0881 6664  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:08:01.0882 6664  IpFilterDriver - ok
22:08:01.0887 6664  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:08:01.0892 6664  iphlpsvc - ok
22:08:01.0894 6664  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:08:01.0894 6664  IPMIDRV - ok
22:08:01.0897 6664  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:08:01.0898 6664  IPNAT - ok
22:08:01.0907 6664  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:08:01.0914 6664  iPod Service - ok
22:08:01.0916 6664  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:08:01.0916 6664  IRENUM - ok
22:08:01.0920 6664  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:08:01.0920 6664  isapnp - ok
22:08:01.0925 6664  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:08:01.0928 6664  iScsiPrt - ok
22:08:01.0932 6664  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:08:01.0932 6664  kbdclass - ok
22:08:01.0934 6664  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:08:01.0934 6664  kbdhid - ok
22:08:01.0936 6664  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
22:08:01.0937 6664  KeyIso - ok
22:08:01.0940 6664  [ 94D67D49BD9503BB1D838405D80F2058 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
22:08:01.0941 6664  KL1 - ok
22:08:01.0943 6664  [ 713576569667AC9E0F8556076004A96B ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
22:08:01.0944 6664  kl2 - ok
22:08:01.0949 6664  [ 39920D69EAEDB51757527AA54FE25216 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
22:08:01.0953 6664  KLIF - ok
22:08:01.0956 6664  [ CF88B4985D957EEE45C9939092E87C92 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
22:08:01.0956 6664  KLIM6 - ok
22:08:01.0958 6664  [ 3DE1771C135328420315E21DDE229BBA ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
22:08:01.0959 6664  klmouflt - ok
22:08:01.0961 6664  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:08:01.0962 6664  KSecDD - ok
22:08:01.0965 6664  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:08:01.0966 6664  KSecPkg - ok
22:08:01.0971 6664  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:08:01.0973 6664  KtmRm - ok
22:08:01.0978 6664  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:08:01.0980 6664  LanmanServer - ok
22:08:01.0983 6664  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:08:01.0985 6664  LanmanWorkstation - ok
22:08:01.0988 6664  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:08:01.0989 6664  lltdio - ok
22:08:01.0992 6664  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:08:01.0994 6664  lltdsvc - ok
22:08:01.0995 6664  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:08:01.0996 6664  lmhosts - ok
22:08:02.0002 6664  [ 7F32D4C47A50E7223491E8FB9359907D ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:08:02.0004 6664  LMS - ok
22:08:02.0008 6664  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:08:02.0008 6664  LSI_FC - ok
22:08:02.0011 6664  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:08:02.0012 6664  LSI_SAS - ok
22:08:02.0015 6664  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:08:02.0016 6664  LSI_SAS2 - ok
22:08:02.0018 6664  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:08:02.0019 6664  LSI_SCSI - ok
22:08:02.0021 6664  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
22:08:02.0022 6664  luafv - ok
22:08:02.0025 6664  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:08:02.0025 6664  MBAMProtector - ok
22:08:02.0074 6664  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:08:02.0077 6664  MBAMScheduler - ok
22:08:02.0101 6664  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:08:02.0107 6664  MBAMService - ok
22:08:02.0110 6664  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:08:02.0111 6664  Mcx2Svc - ok
22:08:02.0113 6664  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:08:02.0113 6664  megasas - ok
22:08:02.0117 6664  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:08:02.0118 6664  MegaSR - ok
22:08:02.0121 6664  [ D86AC00883B9C98B570E7643AAF8E554 ] MEI             C:\Windows\system32\DRIVERS\HECI.sys
22:08:02.0122 6664  MEI - ok
22:08:02.0125 6664  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
22:08:02.0126 6664  MMCSS - ok
22:08:02.0128 6664  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
22:08:02.0129 6664  Modem - ok
22:08:02.0131 6664  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:08:02.0131 6664  monitor - ok
22:08:02.0133 6664  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:08:02.0134 6664  mouclass - ok
22:08:02.0137 6664  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:08:02.0137 6664  mouhid - ok
22:08:02.0140 6664  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:08:02.0141 6664  mountmgr - ok
22:08:02.0145 6664  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:08:02.0147 6664  MozillaMaintenance - ok
22:08:02.0150 6664  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:08:02.0151 6664  mpio - ok
22:08:02.0153 6664  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:08:02.0154 6664  mpsdrv - ok
22:08:02.0161 6664  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:08:02.0166 6664  MpsSvc - ok
22:08:02.0169 6664  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:08:02.0170 6664  MRxDAV - ok
22:08:02.0173 6664  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:08:02.0174 6664  mrxsmb - ok
22:08:02.0177 6664  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:08:02.0179 6664  mrxsmb10 - ok
22:08:02.0182 6664  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:08:02.0183 6664  mrxsmb20 - ok
22:08:02.0185 6664  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
22:08:02.0186 6664  msahci - ok
22:08:02.0188 6664  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:08:02.0189 6664  msdsm - ok
22:08:02.0192 6664  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
22:08:02.0194 6664  MSDTC - ok
22:08:02.0197 6664  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:08:02.0198 6664  Msfs - ok
22:08:02.0199 6664  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:08:02.0199 6664  mshidkmdf - ok
22:08:02.0201 6664  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:08:02.0202 6664  msisadrv - ok
22:08:02.0205 6664  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:08:02.0206 6664  MSiSCSI - ok
22:08:02.0207 6664  msiserver - ok
22:08:02.0209 6664  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:08:02.0210 6664  MSKSSRV - ok
22:08:02.0211 6664  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:08:02.0212 6664  MSPCLOCK - ok
22:08:02.0213 6664  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:08:02.0214 6664  MSPQM - ok
22:08:02.0217 6664  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:08:02.0218 6664  MsRPC - ok
22:08:02.0221 6664  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:08:02.0221 6664  mssmbios - ok
22:08:02.0223 6664  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:08:02.0223 6664  MSTEE - ok
22:08:02.0225 6664  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:08:02.0226 6664  MTConfig - ok
22:08:02.0227 6664  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:08:02.0228 6664  Mup - ok
22:08:02.0232 6664  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
22:08:02.0236 6664  napagent - ok
22:08:02.0240 6664  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:08:02.0242 6664  NativeWifiP - ok
22:08:02.0250 6664  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:08:02.0256 6664  NDIS - ok
22:08:02.0258 6664  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:08:02.0258 6664  NdisCap - ok
22:08:02.0261 6664  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:08:02.0261 6664  NdisTapi - ok
22:08:02.0263 6664  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:08:02.0264 6664  Ndisuio - ok
22:08:02.0266 6664  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:08:02.0268 6664  NdisWan - ok
22:08:02.0270 6664  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:08:02.0270 6664  NDProxy - ok
22:08:02.0273 6664  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:08:02.0273 6664  NetBIOS - ok
22:08:02.0276 6664  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:08:02.0278 6664  NetBT - ok
22:08:02.0280 6664  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
22:08:02.0281 6664  Netlogon - ok
22:08:02.0286 6664  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
22:08:02.0289 6664  Netman - ok
22:08:02.0293 6664  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
22:08:02.0297 6664  netprofm - ok
22:08:02.0299 6664  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:08:02.0300 6664  NetTcpPortSharing - ok
22:08:02.0302 6664  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:08:02.0303 6664  nfrd960 - ok
22:08:02.0306 6664  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:08:02.0309 6664  NlaSvc - ok
22:08:02.0311 6664  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:08:02.0312 6664  Npfs - ok
22:08:02.0315 6664  npggsvc - ok
22:08:02.0317 6664  [ 9131FE60ADFAB595C8DA53AD6A06AA31 ] NPPTNT2         C:\Windows\system32\npptNT2.sys
22:08:02.0318 6664  NPPTNT2 - ok
22:08:02.0320 6664  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
22:08:02.0322 6664  nsi - ok
22:08:02.0324 6664  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:08:02.0324 6664  nsiproxy - ok
22:08:02.0336 6664  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:08:02.0346 6664  Ntfs - ok
22:08:02.0348 6664  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
22:08:02.0348 6664  Null - ok
22:08:02.0352 6664  [ 96C27791D5AE5C77E37C61B15112E38D ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
22:08:02.0353 6664  NVHDA - ok
22:08:02.0446 6664  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:08:02.0529 6664  nvlddmkm - ok
22:08:02.0534 6664  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:08:02.0535 6664  nvraid - ok
22:08:02.0538 6664  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:08:02.0539 6664  nvstor - ok
22:08:02.0546 6664  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] NVSvc           C:\Windows\system32\nvvsvc.exe
22:08:02.0549 6664  NVSvc - ok
22:08:02.0563 6664  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:08:02.0574 6664  nvUpdatusService - ok
22:08:02.0577 6664  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:08:02.0579 6664  nv_agp - ok
22:08:02.0581 6664  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:08:02.0582 6664  ohci1394 - ok
22:08:02.0586 6664  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:08:02.0589 6664  p2pimsvc - ok
22:08:02.0594 6664  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:08:02.0597 6664  p2psvc - ok
22:08:02.0600 6664  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:08:02.0601 6664  Parport - ok
22:08:02.0603 6664  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:08:02.0603 6664  partmgr - ok
22:08:02.0605 6664  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
22:08:02.0606 6664  Parvdm - ok
22:08:02.0609 6664  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:08:02.0611 6664  PcaSvc - ok
22:08:02.0614 6664  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
22:08:02.0616 6664  pci - ok
22:08:02.0618 6664  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
22:08:02.0618 6664  pciide - ok
22:08:02.0622 6664  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:08:02.0623 6664  pcmcia - ok
22:08:02.0625 6664  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
22:08:02.0626 6664  pcw - ok
22:08:02.0632 6664  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:08:02.0637 6664  PEAUTH - ok
22:08:02.0656 6664  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
22:08:02.0671 6664  pla - ok
22:08:02.0676 6664  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:08:02.0680 6664  PlugPlay - ok
22:08:02.0685 6664  [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
22:08:02.0687 6664  PnkBstrA - ok
22:08:02.0689 6664  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:08:02.0690 6664  PNRPAutoReg - ok
22:08:02.0694 6664  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:08:02.0696 6664  PNRPsvc - ok
22:08:02.0701 6664  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:08:02.0703 6664  PolicyAgent - ok
22:08:02.0707 6664  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
22:08:02.0709 6664  Power - ok
22:08:02.0712 6664  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:08:02.0713 6664  PptpMiniport - ok
22:08:02.0715 6664  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:08:02.0715 6664  Processor - ok
22:08:02.0719 6664  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
22:08:02.0721 6664  ProfSvc - ok
22:08:02.0723 6664  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:08:02.0724 6664  ProtectedStorage - ok
22:08:02.0727 6664  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:08:02.0728 6664  Psched - ok
22:08:02.0741 6664  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:08:02.0752 6664  ql2300 - ok
22:08:02.0755 6664  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:08:02.0756 6664  ql40xx - ok
22:08:02.0759 6664  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
22:08:02.0762 6664  QWAVE - ok
22:08:02.0764 6664  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:08:02.0765 6664  QWAVEdrv - ok
22:08:02.0766 6664  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:08:02.0767 6664  RasAcd - ok
22:08:02.0769 6664  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:08:02.0769 6664  RasAgileVpn - ok
22:08:02.0772 6664  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
22:08:02.0774 6664  RasAuto - ok
22:08:02.0776 6664  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:08:02.0777 6664  Rasl2tp - ok
22:08:02.0781 6664  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
22:08:02.0784 6664  RasMan - ok
22:08:02.0786 6664  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:08:02.0787 6664  RasPppoe - ok
22:08:02.0790 6664  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:08:02.0791 6664  RasSstp - ok
22:08:02.0795 6664  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:08:02.0797 6664  rdbss - ok
22:08:02.0799 6664  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:08:02.0799 6664  rdpbus - ok
22:08:02.0801 6664  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:08:02.0802 6664  RDPCDD - ok
22:08:02.0804 6664  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:08:02.0805 6664  RDPENCDD - ok
22:08:02.0807 6664  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:08:02.0808 6664  RDPREFMP - ok
22:08:02.0811 6664  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:08:02.0812 6664  RDPWD - ok
22:08:02.0816 6664  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:08:02.0817 6664  rdyboost - ok
22:08:02.0820 6664  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:08:02.0821 6664  RemoteAccess - ok
22:08:02.0823 6664  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:08:02.0825 6664  RemoteRegistry - ok
22:08:02.0827 6664  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:08:02.0829 6664  RpcEptMapper - ok
22:08:02.0831 6664  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
22:08:02.0832 6664  RpcLocator - ok
22:08:02.0836 6664  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
22:08:02.0838 6664  RpcSs - ok
22:08:02.0841 6664  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:08:02.0842 6664  rspndr - ok
22:08:02.0850 6664  [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
22:08:02.0854 6664  RTL8167 - ok
22:08:02.0856 6664  [ 32A7DBFAC034DFEDBB031E67BB886BF7 ] RtNdPt60        C:\Windows\system32\DRIVERS\RtNdPt60.sys
22:08:02.0857 6664  RtNdPt60 - ok
22:08:02.0859 6664  [ F816662AB13A57F1CE4542336AA02694 ] RTTEAMPT        C:\Windows\system32\DRIVERS\RtTeam60.sys
22:08:02.0859 6664  RTTEAMPT - ok
22:08:02.0862 6664  [ 62E01F439C73FCFCCA04F0E9D5255664 ] RTVLANPT        C:\Windows\system32\DRIVERS\RtVlan60.sys
22:08:02.0862 6664  RTVLANPT - ok
22:08:02.0864 6664  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
22:08:02.0865 6664  SamSs - ok
22:08:02.0867 6664  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:08:02.0868 6664  sbp2port - ok
22:08:02.0871 6664  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:08:02.0873 6664  SCardSvr - ok
22:08:02.0875 6664  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:08:02.0876 6664  scfilter - ok
22:08:02.0884 6664  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
22:08:02.0891 6664  Schedule - ok
22:08:02.0894 6664  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:08:02.0894 6664  SCPolicySvc - ok
22:08:02.0897 6664  [ A689D522EEDF89401E1DA2FE883AA7EC ] SCREAMINGBDRIVER C:\Windows\system32\drivers\ScreamingBAudio.sys
22:08:02.0897 6664  SCREAMINGBDRIVER - ok
22:08:02.0900 6664  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:08:02.0902 6664  SDRSVC - ok
22:08:02.0904 6664  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:08:02.0905 6664  secdrv - ok
22:08:02.0907 6664  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
22:08:02.0908 6664  seclogon - ok
22:08:02.0910 6664  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
22:08:02.0912 6664  SENS - ok
22:08:02.0914 6664  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:08:02.0916 6664  SensrSvc - ok
22:08:02.0918 6664  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:08:02.0918 6664  Serenum - ok
22:08:02.0921 6664  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:08:02.0921 6664  Serial - ok
22:08:02.0923 6664  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:08:02.0924 6664  sermouse - ok
22:08:02.0929 6664  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:08:02.0931 6664  SessionEnv - ok
22:08:02.0933 6664  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:08:02.0933 6664  sffdisk - ok
22:08:02.0935 6664  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:08:02.0935 6664  sffp_mmc - ok
22:08:02.0938 6664  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:08:02.0938 6664  sffp_sd - ok
22:08:02.0940 6664  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:08:02.0941 6664  sfloppy - ok
22:08:02.0945 6664  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:08:02.0947 6664  SharedAccess - ok
22:08:02.0951 6664  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:08:02.0955 6664  ShellHWDetection - ok
22:08:02.0957 6664  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:08:02.0958 6664  sisagp - ok
22:08:02.0960 6664  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:08:02.0961 6664  SiSRaid2 - ok
22:08:02.0963 6664  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:08:02.0964 6664  SiSRaid4 - ok
22:08:02.0969 6664  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
22:08:02.0971 6664  SkypeUpdate - ok
22:08:02.0973 6664  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:08:02.0974 6664  Smb - ok
22:08:02.0978 6664  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:08:02.0979 6664  SNMPTRAP - ok
22:08:02.0981 6664  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:08:02.0982 6664  spldr - ok
22:08:02.0986 6664  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
22:08:02.0990 6664  Spooler - ok
22:08:03.0016 6664  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
22:08:03.0042 6664  sppsvc - ok
22:08:03.0046 6664  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:08:03.0047 6664  sppuinotify - ok
22:08:03.0052 6664  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:08:03.0055 6664  srv - ok
22:08:03.0059 6664  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:08:03.0062 6664  srv2 - ok
22:08:03.0065 6664  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:08:03.0065 6664  srvnet - ok
22:08:03.0069 6664  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:08:03.0071 6664  SSDPSRV - ok
22:08:03.0073 6664  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:08:03.0075 6664  SstpSvc - ok
22:08:03.0079 6664  Steam Client Service - ok
22:08:03.0087 6664  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:08:03.0088 6664  Stereo Service - ok
22:08:03.0091 6664  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:08:03.0091 6664  stexstor - ok
22:08:03.0097 6664  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
22:08:03.0103 6664  StiSvc - ok
22:08:03.0105 6664  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:08:03.0105 6664  swenum - ok
22:08:03.0110 6664  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
22:08:03.0112 6664  swprv - ok
22:08:03.0123 6664  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
22:08:03.0133 6664  SysMain - ok
22:08:03.0136 6664  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:08:03.0138 6664  TabletInputService - ok
22:08:03.0141 6664  [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
22:08:03.0142 6664  taphss - ok
22:08:03.0145 6664  [ DEB7FA72F982C4881E633507C5265A3C ] taphss6         C:\Windows\system32\DRIVERS\taphss6.sys
22:08:03.0145 6664  taphss6 - ok
22:08:03.0149 6664  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:08:03.0152 6664  TapiSrv - ok
22:08:03.0154 6664  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
22:08:03.0156 6664  TBS - ok
22:08:03.0168 6664  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:08:03.0179 6664  Tcpip - ok
22:08:03.0191 6664  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:08:03.0196 6664  TCPIP6 - ok
22:08:03.0201 6664  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:08:03.0202 6664  tcpipreg - ok
22:08:03.0205 6664  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:08:03.0206 6664  TDPIPE - ok
22:08:03.0208 6664  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:08:03.0208 6664  TDTCP - ok
22:08:03.0211 6664  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:08:03.0212 6664  tdx - ok
22:08:03.0214 6664  [ F816662AB13A57F1CE4542336AA02694 ] TEAM            C:\Windows\system32\DRIVERS\RtTeam60.sys
22:08:03.0214 6664  TEAM - ok
22:08:03.0248 6664  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
22:08:03.0278 6664  TeamViewer8 - ok
22:08:03.0281 6664  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:08:03.0282 6664  TermDD - ok
22:08:03.0288 6664  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
22:08:03.0293 6664  TermService - ok
22:08:03.0296 6664  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
22:08:03.0297 6664  Themes - ok
22:08:03.0299 6664  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
22:08:03.0300 6664  THREADORDER - ok
22:08:03.0303 6664  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
22:08:03.0305 6664  TrkWks - ok
22:08:03.0308 6664  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:08:03.0309 6664  TrustedInstaller - ok
22:08:03.0312 6664  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:08:03.0312 6664  tssecsrv - ok
22:08:03.0315 6664  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:08:03.0316 6664  TsUsbFlt - ok
22:08:03.0319 6664  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:08:03.0320 6664  tunnel - ok
22:08:03.0322 6664  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:08:03.0323 6664  uagp35 - ok
22:08:03.0327 6664  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:08:03.0328 6664  udfs - ok
22:08:03.0332 6664  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:08:03.0334 6664  UI0Detect - ok
22:08:03.0336 6664  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:08:03.0337 6664  uliagpkx - ok
22:08:03.0340 6664  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
22:08:03.0340 6664  umbus - ok
22:08:03.0342 6664  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:08:03.0343 6664  UmPass - ok
22:08:03.0368 6664  [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS             C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:08:03.0390 6664  UNS - ok
22:08:03.0395 6664  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
22:08:03.0398 6664  upnphost - ok
22:08:03.0401 6664  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
22:08:03.0402 6664  USBAAPL - ok
22:08:03.0404 6664  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:08:03.0406 6664  usbaudio - ok
22:08:03.0408 6664  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:08:03.0409 6664  usbccgp - ok
22:08:03.0412 6664  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:08:03.0413 6664  usbcir - ok
22:08:03.0415 6664  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:08:03.0416 6664  usbehci - ok
22:08:03.0420 6664  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:08:03.0422 6664  usbhub - ok
22:08:03.0424 6664  USBMULCD - ok
22:08:03.0426 6664  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:08:03.0426 6664  usbohci - ok
22:08:03.0429 6664  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:08:03.0429 6664  usbprint - ok
22:08:03.0432 6664  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:08:03.0432 6664  USBSTOR - ok
22:08:03.0434 6664  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:08:03.0435 6664  usbuhci - ok
22:08:03.0437 6664  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
22:08:03.0439 6664  UxSms - ok
22:08:03.0441 6664  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
22:08:03.0442 6664  VaultSvc - ok
22:08:03.0444 6664  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:08:03.0445 6664  vdrvroot - ok
22:08:03.0450 6664  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
22:08:03.0454 6664  vds - ok
22:08:03.0457 6664  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:08:03.0457 6664  vga - ok
22:08:03.0459 6664  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:08:03.0460 6664  VgaSave - ok
22:08:03.0463 6664  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:08:03.0464 6664  vhdmp - ok
22:08:03.0467 6664  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:08:03.0468 6664  viaagp - ok
22:08:03.0470 6664  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
22:08:03.0470 6664  ViaC7 - ok
22:08:03.0472 6664  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
22:08:03.0473 6664  viaide - ok
22:08:03.0475 6664  [ 62E01F439C73FCFCCA04F0E9D5255664 ] VLAN            C:\Windows\system32\DRIVERS\RtVLAN60.sys
22:08:03.0475 6664  VLAN - ok
22:08:03.0477 6664  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:08:03.0478 6664  volmgr - ok
22:08:03.0483 6664  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:08:03.0485 6664  volmgrx - ok
22:08:03.0489 6664  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:08:03.0491 6664  volsnap - ok
22:08:03.0495 6664  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:08:03.0496 6664  vsmraid - ok
22:08:03.0507 6664  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
22:08:03.0512 6664  VSS - ok
22:08:03.0514 6664  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:08:03.0514 6664  vwifibus - ok
22:08:03.0519 6664  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
22:08:03.0522 6664  W32Time - ok
22:08:03.0525 6664  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:08:03.0525 6664  WacomPen - ok
22:08:03.0528 6664  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:08:03.0528 6664  WANARP - ok
22:08:03.0530 6664  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:08:03.0530 6664  Wanarpv6 - ok
22:08:03.0543 6664  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:08:03.0556 6664  WatAdminSvc - ok
22:08:03.0568 6664  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
22:08:03.0579 6664  wbengine - ok
22:08:03.0583 6664  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:08:03.0585 6664  WbioSrvc - ok
22:08:03.0589 6664  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:08:03.0593 6664  wcncsvc - ok
22:08:03.0595 6664  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:08:03.0597 6664  WcsPlugInService - ok
22:08:03.0599 6664  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:08:03.0599 6664  Wd - ok
22:08:03.0605 6664  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:08:03.0610 6664  Wdf01000 - ok
22:08:03.0612 6664  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:08:03.0614 6664  WdiServiceHost - ok
22:08:03.0616 6664  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:08:03.0617 6664  WdiSystemHost - ok
22:08:03.0621 6664  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
22:08:03.0624 6664  WebClient - ok
22:08:03.0628 6664  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:08:03.0630 6664  Wecsvc - ok
22:08:03.0633 6664  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:08:03.0635 6664  wercplsupport - ok
22:08:03.0637 6664  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:08:03.0639 6664  WerSvc - ok
22:08:03.0642 6664  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:08:03.0642 6664  WfpLwf - ok
22:08:03.0644 6664  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:08:03.0644 6664  WIMMount - ok
22:08:03.0652 6664  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:08:03.0658 6664  WinDefend - ok
22:08:03.0660 6664  WinHttpAutoProxySvc - ok
22:08:03.0667 6664  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:08:03.0669 6664  Winmgmt - ok
22:08:03.0680 6664  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
22:08:03.0690 6664  WinRM - ok
22:08:03.0696 6664  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:08:03.0696 6664  WinUsb - ok
22:08:03.0705 6664  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:08:03.0713 6664  Wlansvc - ok
22:08:03.0731 6664  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:08:03.0745 6664  wlidsvc - ok
22:08:03.0748 6664  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:08:03.0748 6664  WmiAcpi - ok
22:08:03.0752 6664  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:08:03.0754 6664  wmiApSrv - ok
22:08:03.0765 6664  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:08:03.0769 6664  WMPNetworkSvc - ok
22:08:03.0771 6664  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:08:03.0773 6664  WPCSvc - ok
22:08:03.0776 6664  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:08:03.0778 6664  WPDBusEnum - ok
22:08:03.0780 6664  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:08:03.0780 6664  ws2ifsl - ok
22:08:03.0783 6664  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
22:08:03.0785 6664  wscsvc - ok
22:08:03.0786 6664  WSearch - ok
22:08:03.0805 6664  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:08:03.0822 6664  wuauserv - ok
22:08:03.0825 6664  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:08:03.0825 6664  WudfPf - ok
22:08:03.0830 6664  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:08:03.0831 6664  WUDFRd - ok
22:08:03.0834 6664  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:08:03.0836 6664  wudfsvc - ok
22:08:03.0840 6664  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:08:03.0843 6664  WwanSvc - ok
22:08:03.0847 6664  XDva392 - ok
22:08:03.0850 6664  ================ Scan global ===============================
22:08:03.0852 6664  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:08:03.0855 6664  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:08:03.0860 6664  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:08:03.0864 6664  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:08:03.0868 6664  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:08:03.0871 6664  [Global] - ok
22:08:03.0871 6664  ================ Scan MBR ==================================
22:08:03.0873 6664  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:08:03.0935 6664  \Device\Harddisk0\DR0 - ok
22:08:03.0936 6664  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:08:03.0940 6664  \Device\Harddisk1\DR1 - ok
22:08:03.0941 6664  ================ Scan VBR ==================================
22:08:03.0942 6664  [ 089ADDB0BEF68123CF80041978270CD5 ] \Device\Harddisk0\DR0\Partition1
22:08:03.0943 6664  \Device\Harddisk0\DR0\Partition1 - ok
22:08:03.0944 6664  [ 03DABFEE8C3D900EE7496C55BA28FDDA ] \Device\Harddisk0\DR0\Partition2
22:08:03.0945 6664  \Device\Harddisk0\DR0\Partition2 - ok
22:08:03.0946 6664  [ 043EB10EA9F8D1F7909D0CCBC975A69A ] \Device\Harddisk1\DR1\Partition1
22:08:03.0947 6664  \Device\Harddisk1\DR1\Partition1 - ok
22:08:03.0947 6664  ============================================================
22:08:03.0947 6664  Scan finished
22:08:03.0947 6664  ============================================================
22:08:03.0952 6632  Detected object count: 0
22:08:03.0952 6632  Actual detected object count: 0
         
aswMBR
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-14 21:01:38
-----------------------------
21:01:38.430    OS Version: Windows 6.1.7601 Service Pack 1
21:01:38.431    Number of processors: 8 586 0x2A07
21:01:38.433    ComputerName: JEEZY1  UserName: JEEZY
21:02:03.561    Initialize success
21:10:51.703    AVAST engine defs: 13031401
22:03:57.700    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7
22:03:57.701    Disk 0 Vendor: KINGSTON_SVP100S264G CJRA0202 Size: 61057MB BusType: 3
22:03:57.702    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-8
22:03:57.704    Disk 1 Vendor: WDC_WD15EARS-19MVWB0 51.0AB51 Size: 1430799MB BusType: 3
22:03:57.706    Disk 0 MBR read successfully
22:03:57.707    Disk 0 MBR scan
22:03:57.710    Disk 0 Windows 7 default MBR code
22:03:57.712    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:03:57.716    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        60955 MB offset 206848
22:03:57.720    Disk 0 scanning sectors +125042688
22:03:57.726    Disk 0 scanning C:\Windows\system32\drivers
22:04:00.310    Service scanning
22:04:02.732    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:04:02.746    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
22:04:02.781    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:04:02.794    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:04:06.914    Modules scanning
22:04:08.703    Disk 0 trace - called modules:
22:04:08.709    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
22:04:08.713    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86877030]
22:04:08.716    3 CLASSPNP.SYS[8e57959e] -> nt!IofCallDriver -> [0x862e8328]
22:04:08.719    5 ACPI.sys[8d6283d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-7[0x8637d030]
22:04:08.923    AVAST engine scan C:\Windows
22:04:09.318    AVAST engine scan C:\Windows\system32
22:05:01.466    AVAST engine scan C:\Windows\system32\drivers
22:05:04.920    AVAST engine scan C:\Users\JEEZY
22:07:41.817    Disk 0 MBR has been saved successfully to "C:\Users\JEEZY\Desktop\MBR.dat"
22:07:41.818    The log file has been saved successfully to "C:\Users\JEEZY\Desktop\aswMBR.txt"
         

Alt 14.03.2013, 22:56   #8
aharonov
/// TB-Ausbilder
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



Hi,

mach damit weiter:


Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
  • Schliesse alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 2

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!


Downloade dir bitte Combofix.
  • WICHTIG: Speichere Combofix auf deinen Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
  • Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 3

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von Combofix
  • Log von OTL
__________________
cheers,
Leo

Alt 15.03.2013, 14:08   #9
txea
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



AdwCleaner
Code:
ATTFilter
# AdwCleaner v2.114 - Datei am 15/03/2013 um 13:49:17 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : JEEZY - JEEZY1
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\JEEZY\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\searchplugins\babylon1.xml
Datei Gelöscht : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\searchplugins\icqplugin-1.xml
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\JEEZY\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\JEEZY\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\JEEZY\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gelöscht : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\extensions\firejump@firejump.net

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\5d538bdeb43dee43
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\5d538bdeb43dee43
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [firejump@firejump.net]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=114026&tt=0113_6&babsrc=HP_ss&mntrId=6ee7012200000000000000ff5ef94524 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\prefs.js

C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_v[...]
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", "6");
Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dpkLst", "");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "C28CDA6402C30E77190DB37385B548D2");
Gelöscht : user_pref("extensions.BabylonToolbar.id", "6ee7012200000000000000ff5ef94524");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15709");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.7.21:01:29");
Gelöscht : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"59\",\"lastVrsn\":\"59\",\"vrsnLoad\[...]
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.sg", "czb");
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114026&tt=0113_6");
Gelöscht : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.21:01:30");
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.facebookSmilesAddonShowedPopup", true);
Gelöscht : user_pref("icqtoolbar.firstTbRun", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1361607618);
Gelöscht : user_pref("icqtoolbar.history", "horkruks||asg||0%3A1%3A29454366||Cam'Ron%20-%20Get%20'Em%20Girls||h[...]
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1343363667");
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "7.0.1");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "132052132013205213201320521531323");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1361558949);
Gelöscht : user_pref("icqtoolbar.userHpApproved", true);
Gelöscht : user_pref("icqtoolbar.version", "1.5.3");
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Chromium v      directory_upgrade: true
   }

Datei : C:\Users\JEEZY\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.14.1738.0

Datei : C:\Users\JEEZY\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8757 octets] - [15/03/2013 13:49:17]

########## EOF - C:\AdwCleaner[S1].txt - [8817 octets] ##########
         

OTL
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.03.2013 13:55:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JEEZY\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 60,93% Memory free
6,98 Gb Paging File | 5,52 Gb Available in Paging File | 79,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,53 Gb Total Space | 10,03 Gb Free Space | 16,85% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1273,62 Gb Free Space | 91,15% Space Free | Partition Type: NTFS
 
Computer Name: JEEZY1 | User Name: JEEZY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.13 18:40:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JEEZY\Desktop\OTL.exe
PRC - [2013.03.09 15:33:09 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2013.03.08 18:47:49 | 000,917,400 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.02.23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.02.23 02:33:26 | 000,389,928 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2013.02.23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2013.02.21 19:48:23 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012.12.17 11:39:02 | 000,615,440 | ---- | M] () -- D:\Program Files\EslWire\service\WireHelperSvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.09.05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- D:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.20 13:29:22 | 000,101,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.09 15:33:08 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013.03.08 18:47:49 | 003,069,848 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- D:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- D:\Program Files\ROCCAT\Kone[+] Mouse\hiddriver.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.09 15:33:09 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.02.23 02:33:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.02.23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.02.22 02:54:48 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013.02.16 01:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.17 11:39:02 | 000,615,440 | ---- | M] () [Auto | Running] -- D:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.03.09 18:06:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.09.05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.07 22:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.02 15:28:56 | 000,361,216 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe -- (AVP)
SRV - [2010.12.20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM106.sys -- (USBMULCD)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2013.02.22 02:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013.02.22 02:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012.12.17 11:38:54 | 000,867,344 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.08 02:51:30 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2012.04.06 19:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011.11.06 03:06:37 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.08.03 09:58:14 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2011.06.02 10:32:50 | 000,317,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2011.06.02 10:32:50 | 000,101,352 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV - [2011.03.03 16:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010.07.01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010.01.14 21:27:02 | 000,025,376 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (VLAN)
DRV - [2010.01.14 21:27:02 | 000,025,376 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT)
DRV - [2010.01.14 21:26:46 | 000,040,736 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM)
DRV - [2010.01.14 21:26:46 | 000,040,736 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV - [2010.01.14 21:26:34 | 000,033,056 | R--- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 36 37 4F F0 9B CC 01  [binary data]
IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.03.08 18:47:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.03.08 18:47:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
 
[2011.11.05 20:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Extensions
[2013.03.15 13:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions
[2013.03.06 18:05:33 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions\ich@maltegoetz.de
[2013.02.23 09:37:18 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions\toolbar@web.de
[2012.11.02 14:56:01 | 000,077,464 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\ciuvo-extension@billiger.de.xpi
[2012.08.26 18:58:28 | 000,101,863 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\ciuvo-extension@icq.de.xpi
[2012.12.30 19:54:44 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2013.02.20 16:59:09 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Docs = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.10.06 08:09:09 | 000,001,297 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 255.255.255.255    easyanticheat.se    # misleading site
O1 - Hosts: 255.255.255.255    www.easyanticheat.se    # misleading site
O1 - Hosts: 255.255.255.255    easyanticheat.com    # misleading site
O1 - Hosts: 255.255.255.255    www.easyanticheat.com    # misleading site
O1 - Hosts: 255.255.255.255    easyanticheat.info    # misleading site
O1 - Hosts: 255.255.255.255    www.easyanticheat.info    # misleading site
O1 - Hosts: 255.255.255.255    easyanticheat.org    # misleading site
O1 - Hosts: 255.255.255.255    www.easyanticheat.org    # misleading site
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [RoccatKone+] D:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [speedvid] C:\Programme\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe (SpeedVID Accelerator)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1221864313-813813898-1403309165-1000..\Run: [Facebook Update] C:\Users\JEEZY\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1221864313-813813898-1403309165-1000..\Run: [ICQ] D:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1221864313-813813898-1403309165-1000..\Run: [Irsacu] C:\Users\JEEZY\AppData\Roaming\Doelna\zaesw.exe File not found
O4 - HKU\S-1-5-21-1221864313-813813898-1403309165-1000..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JEEZY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EF94524-B58F-4D8C-AEA3-40728AEDA34B}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7072BE6F-DBB1-44D3-B0BB-C77C59CD5E1D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\kloehk.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.15 13:52:05 | 002,417,863 | ---- | C] (Swearware) -- C:\Users\JEEZY\Desktop\ComboFix.exe
[2013.03.15 13:41:52 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{98C7E03C-DDC9-4CFD-9D91-2735BD785193}
[2013.03.15 06:34:48 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{C4F6228A-EA4A-4E3E-8D64-81B83E9CAF36}
[2013.03.14 22:04:21 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JEEZY\Desktop\tdsskiller.exe
[2013.03.14 20:57:16 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\JEEZY\Desktop\aswMBR.exe
[2013.03.14 16:57:32 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{A7BB5671-C546-4027-8C28-F39537B0CC00}
[2013.03.14 03:18:05 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{0950DA9E-A647-4C58-8CDB-33DE61F13E70}
[2013.03.13 18:40:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JEEZY\Desktop\OTL.exe
[2013.03.13 18:33:54 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Roaming\Malwarebytes
[2013.03.13 18:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.13 18:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.13 18:33:33 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.13 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Roaming\Hotspot Shield
[2013.03.13 06:20:17 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{848EEA9D-93E2-43B9-9066-7E75167CACD3}
[2013.03.12 16:58:51 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{32E2F4BE-C239-4610-90D5-DB1C2B5192F5}
[2013.03.11 17:42:28 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{B6D04BA0-AFD9-49C5-BF6C-1027C06748DC}
[2013.03.10 18:20:29 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{282767F1-8AD9-4C73-8EBB-2D15A43576FF}
[2013.03.10 04:52:03 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{5479D843-A6C6-499F-B831-8439DC0343F0}
[2013.03.09 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\Documents\ManiaPlanet
[2013.03.09 17:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet
[2013.03.09 16:24:21 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\Macromedia
[2013.03.09 15:32:34 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\Documents\My Games
[2013.03.09 08:58:48 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{13270695-25BD-405A-8774-D38B516E5E83}
[2013.03.08 18:45:49 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{59F27150-C4D8-4104-AA02-4031C255E7E1}
[2013.03.08 06:45:26 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{D6844212-8BAC-4CC2-9735-62A8FBCC5ADB}
[2013.03.07 15:41:37 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{08EDF804-C6F4-4E91-B1B7-FEB2A8868967}
[2013.03.06 17:57:59 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{BE657D5D-9BF8-48B4-8EDF-F2EA353F52E6}
[2013.03.05 16:59:21 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{62AC2EA0-53FD-4737-A63A-2D3CBC2D942C}
[2013.03.04 12:36:33 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN
[2013.03.04 12:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\PrivitizeVPN
[2013.03.04 07:37:00 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{EF5457BC-169F-4FBC-BC84-B55AF0D3121C}
[2013.03.03 08:24:48 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{F619A86A-58C1-4349-BB29-2E1279B144AC}
[2013.03.02 18:56:13 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\Desktop\xyyy
[2013.03.02 08:28:39 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{088675A9-A353-4668-9545-4C9F27DDA4DE}
[2013.03.01 08:35:24 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{B7476F08-1590-4474-88D9-6B982928F6E2}
[2013.02.28 19:41:13 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{42A4BC10-74EB-45B6-94AE-7C2F6A1C732E}
[2013.02.27 18:40:43 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{34A76B59-87F8-4BFB-B7F4-A8488C42C72E}
[2013.02.27 06:40:19 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{E4C6DE94-3463-445E-954C-08ACC884A93D}
[2013.02.26 07:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.26 07:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.26 07:54:05 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{038F85B3-0437-4E06-A222-A427311832A9}
[2013.02.25 06:50:39 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{91906DC9-2545-42C0-B135-DB8C6D331F1D}
[2013.02.24 08:10:29 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{91FC1C01-7701-4E05-B87C-DD532124857E}
[2013.02.23 09:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.23 09:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.02.23 09:17:38 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{F851713B-47CA-4933-8BAC-BC98712AC615}
[2013.02.22 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{D49FBA95-891A-425D-8B57-63AC5E26B008}
[2013.02.22 02:50:36 | 000,037,064 | ---- | C] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys
[2013.02.22 02:37:16 | 000,040,136 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2013.02.21 19:38:40 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{343FEAC0-1A8E-41B8-BE61-363F91E05904}
[2013.02.20 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{FA038185-FBE0-49E2-9F3D-FA589DDA95D3}
[2013.02.19 16:57:59 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{6A946F5A-10A0-4379-B8F1-1F78BA520192}
[2013.02.18 18:39:02 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{DAA566C7-8CFD-4C08-B3BE-CBC73A0856BB}
[2013.02.17 16:57:12 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{3E84B599-8ABD-45BA-AB21-FCC2C4A37270}
[2013.02.16 08:36:12 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{324900D5-BD35-480C-B97B-89D6B0664098}
[2013.02.15 08:35:33 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{A40328DD-F743-4E8B-AE67-1EB46DEAB0E3}
[2013.02.14 09:09:16 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{4A30E1E7-47CC-4690-84D7-725D630FA3B6}
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.15 13:56:16 | 008,010,930 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.15 13:56:16 | 002,766,072 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.15 13:56:16 | 002,414,658 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.15 13:56:16 | 002,159,300 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.15 13:53:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.15 13:52:15 | 002,417,863 | ---- | M] (Swearware) -- C:\Users\JEEZY\Desktop\ComboFix.exe
[2013.03.15 13:50:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.15 13:50:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.15 13:50:14 | 2810,097,664 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.15 13:48:41 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 13:48:41 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.14 22:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.14 22:07:41 | 000,000,512 | ---- | M] () -- C:\Users\JEEZY\Desktop\MBR.dat
[2013.03.14 22:04:24 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JEEZY\Desktop\tdsskiller.exe
[2013.03.14 20:58:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\JEEZY\Desktop\aswMBR.exe
[2013.03.14 19:36:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1221864313-813813898-1403309165-1000UA.job
[2013.03.13 22:54:07 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.13 18:44:51 | 000,377,856 | ---- | M] () -- C:\Users\JEEZY\Desktop\gmer_2.1.19155.exe
[2013.03.13 18:40:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JEEZY\Desktop\OTL.exe
[2013.03.13 18:33:34 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.11 20:35:38 | 000,082,828 | ---- | M] () -- C:\Users\JEEZY\Desktop\258612_10200208895244234_1837282503_o.jpg
[2013.03.09 16:52:12 | 000,000,216 | ---- | M] () -- C:\Users\JEEZY\Desktop\TrackMania Stadium Open Beta.url
[2013.03.09 16:36:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1221864313-813813898-1403309165-1000Core.job
[2013.03.09 10:38:29 | 000,001,278 | ---- | M] () -- C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.03.04 11:28:18 | 000,019,985 | ---- | M] () -- C:\Users\JEEZY\Desktop\581040_606049756076002_496179024_n.jpg
[2013.03.03 10:44:43 | 000,362,063 | ---- | M] () -- C:\Users\JEEZY\Desktop\322763_3035941936707_1353384534_o.jpg
[2013.03.03 10:27:32 | 000,076,290 | ---- | M] () -- C:\Users\JEEZY\Desktop\theaestheticscrewlogo1.jpg
[2013.02.26 16:34:22 | 000,013,359 | ---- | M] () -- C:\Users\JEEZY\Desktop\coco chanel logo.jpg
[2013.02.26 16:32:03 | 000,004,304 | ---- | M] () -- C:\Users\JEEZY\Desktop\bvlgari_logo.jpg
[2013.02.26 16:22:41 | 000,007,573 | ---- | M] () -- C:\Users\JEEZY\Desktop\Louis-Vuitton-logo.jpg
[2013.02.26 16:19:13 | 000,007,185 | ---- | M] () -- C:\Users\JEEZY\Desktop\Yves-Saint-Laurent-Logo.jpeg
[2013.02.26 16:15:23 | 000,014,462 | ---- | M] () -- C:\Users\JEEZY\Desktop\46550_473544462676915_1975152977_n.jpg
[2013.02.23 09:37:02 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.22 02:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys
[2013.02.22 02:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2013.02.14 17:53:45 | 029,241,680 | ---- | M] () -- C:\Users\JEEZY\ts3_recording_13_02_14_17_51_12.wav
[2013.02.14 16:53:48 | 008,559,440 | ---- | M] () -- C:\Users\JEEZY\one direction what makes you beautiful.wav
[2013.02.13 15:35:38 | 000,269,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.14 22:07:41 | 000,000,512 | ---- | C] () -- C:\Users\JEEZY\Desktop\MBR.dat
[2013.03.13 18:44:50 | 000,377,856 | ---- | C] () -- C:\Users\JEEZY\Desktop\gmer_2.1.19155.exe
[2013.03.13 18:33:34 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.11 20:35:38 | 000,082,828 | ---- | C] () -- C:\Users\JEEZY\Desktop\258612_10200208895244234_1837282503_o.jpg
[2013.03.09 16:52:12 | 000,000,216 | ---- | C] () -- C:\Users\JEEZY\Desktop\TrackMania Stadium Open Beta.url
[2013.03.09 15:33:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.04 11:28:16 | 000,019,985 | ---- | C] () -- C:\Users\JEEZY\Desktop\581040_606049756076002_496179024_n.jpg
[2013.03.03 10:44:43 | 000,362,063 | ---- | C] () -- C:\Users\JEEZY\Desktop\322763_3035941936707_1353384534_o.jpg
[2013.03.03 10:27:31 | 000,076,290 | ---- | C] () -- C:\Users\JEEZY\Desktop\theaestheticscrewlogo1.jpg
[2013.02.26 16:34:21 | 000,013,359 | ---- | C] () -- C:\Users\JEEZY\Desktop\coco chanel logo.jpg
[2013.02.26 16:32:02 | 000,004,304 | ---- | C] () -- C:\Users\JEEZY\Desktop\bvlgari_logo.jpg
[2013.02.26 16:22:40 | 000,007,573 | ---- | C] () -- C:\Users\JEEZY\Desktop\Louis-Vuitton-logo.jpg
[2013.02.26 16:19:13 | 000,007,185 | ---- | C] () -- C:\Users\JEEZY\Desktop\Yves-Saint-Laurent-Logo.jpeg
[2013.02.26 16:15:21 | 000,014,462 | ---- | C] () -- C:\Users\JEEZY\Desktop\46550_473544462676915_1975152977_n.jpg
[2013.02.23 09:37:02 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.23 09:37:02 | 000,000,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.14 17:51:13 | 029,241,680 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_13_02_14_17_51_12.wav
[2013.02.14 16:53:02 | 008,559,440 | ---- | C] () -- C:\Users\JEEZY\one direction what makes you beautiful.wav
[2012.11.25 13:55:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.11.18 03:01:11 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.10.12 14:24:53 | 000,944,720 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_10_12_15_24_50.wav
[2012.10.11 19:31:18 | 079,175,120 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_10_11_20_31_10.wav
[2012.08.15 20:48:17 | 038,559,440 | ---- | C] () -- C:\Users\JEEZY\meilenstein nilson.wav
[2012.07.13 21:40:35 | 117,982,160 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_07_13_22_40_33.wav
[2012.07.10 19:26:29 | 000,005,120 | ---- | C] () -- C:\Users\JEEZY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.01 17:47:15 | 006,754,640 | ---- | C] () -- C:\Users\JEEZY\LORUS.wav
[2012.06.21 22:12:40 | 013,499,600 | ---- | C] () -- C:\Users\JEEZY\snt.wav
[2012.04.24 16:04:48 | 000,716,240 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_24_17_4_47.wav
[2012.04.13 17:29:25 | 000,612,560 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_13_18_29_23.wav
[2012.04.12 22:16:55 | 001,036,880 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_12_23_16_54.wav
[2012.04.09 20:03:07 | 023,005,520 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_09_21_3_5.wav
[2012.03.11 16:38:16 | 044,995,280 | ---- | C] () -- C:\Users\JEEZY\singen.wav
[2012.02.20 19:59:46 | 001,772,240 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_02_20_19_59_44.wav
[2012.02.16 21:56:54 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.02.12 19:03:50 | 023,913,680 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_02_12_19_3_48.wav
[2011.12.30 04:46:42 | 053,118,764 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_11_12_30_4_46_40.wav
[2011.12.14 19:39:22 | 000,141,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.12.14 19:39:22 | 000,138,056 | ---- | C] () -- C:\Users\JEEZY\AppData\Roaming\PnkBstrK.sys
[2011.12.14 19:38:56 | 000,281,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.12.14 19:38:55 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.12.10 17:12:41 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.07 18:01:44 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.11.06 21:08:31 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.11.06 03:06:54 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.11.06 03:06:54 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.11.05 20:54:30 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.11.05 20:24:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011.11.05 20:21:21 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.11.05 20:20:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.05 20:20:15 | 000,028,578 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.14 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Alxase
[2011.11.05 20:29:56 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\DAEMON Tools Pro
[2012.08.14 22:13:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Doelna
[2013.03.15 13:50:36 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Dropbox
[2012.11.09 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\FileZilla
[2012.07.20 14:18:26 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\fltk.org
[2013.03.14 22:18:50 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\HLSW
[2013.03.13 18:06:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Hotspot Shield
[2013.03.14 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\ICQ
[2012.02.20 22:53:20 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\java
[2012.02.18 23:08:21 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\LolClient
[2012.08.14 22:35:32 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Matii
[2012.12.15 23:36:19 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Opera
[2012.08.12 16:53:07 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Publish Providers
[2012.02.09 16:18:16 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Screaming Bee
[2012.08.12 16:53:03 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Sony
[2012.07.27 13:24:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\SplitMediaLabs
[2012.02.20 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\TeamViewer
[2012.02.12 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Teeworlds
[2013.03.13 18:46:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\TS3Client
[2011.11.06 02:40:07 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\ts3overlay
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Bei Combofix bekomme ich folgende Nachricht :
Zitat:
NSIS Error

Installer integrity check has failed. Common causes nclude incomplete download and damaged media.
Conttact the installer's authorto obtain a new copy.

More information at:
hxxp://nsis.sf,net/NSIS_Error

Alt 15.03.2013, 18:25   #10
aharonov
/// TB-Ausbilder
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



Hi,

Zitat:
Bei Combofix bekomme ich folgende Nachricht :
Versuch bitte, Combofix noch einmal neu herunterzuladen und auszuführen. Klappt es dann immer noch nicht?
__________________
cheers,
Leo

Alt 15.03.2013, 22:32   #11
txea
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



Ahh jetzt ging es.
Combofix
Code:
ATTFilter
ComboFix 13-03-15.01 - JEEZY 15.03.2013  22:23:10.1.8 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3573.2035 [GMT 1:00]
ausgeführt von:: c:\users\JEEZY\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DEBUG.log
c:\windows\system32\ijl11.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-15 bis 2013-03-15  ))))))))))))))))))))))))))))))
.
.
2013-03-15 21:28 . 2013-03-15 21:28	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-15 21:28 . 2013-03-15 21:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-15 12:45 . 2013-02-08 00:45	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1714059-2584-43DB-BCD1-0B4C26AEE4FA}\mpengine.dll
2013-03-14 05:07 . 2013-02-12 03:32	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-13 17:33 . 2013-03-13 17:33	--------	d-----w-	c:\users\JEEZY\AppData\Roaming\Malwarebytes
2013-03-13 17:33 . 2013-03-13 17:33	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-13 17:33 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-13 17:06 . 2013-03-13 17:06	--------	d-----w-	c:\users\JEEZY\AppData\Roaming\Hotspot Shield
2013-03-09 16:40 . 2013-03-12 17:39	--------	d-----w-	c:\programdata\ManiaPlanet
2013-03-09 16:40 . 2010-05-26 10:41	2106216	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2013-03-09 16:40 . 2010-05-26 10:41	1998168	----a-w-	c:\windows\system32\D3DX9_43.dll
2013-03-09 15:24 . 2013-03-09 15:24	--------	d-----w-	c:\users\JEEZY\AppData\Local\Macromedia
2013-03-09 14:33 . 2013-03-09 14:33	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-09 14:32 . 2010-06-02 03:55	74072	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2013-03-09 14:32 . 2010-06-02 03:55	527192	----a-w-	c:\windows\system32\XAudio2_7.dll
2013-03-09 14:32 . 2010-06-02 03:55	239960	----a-w-	c:\windows\system32\xactengine3_7.dll
2013-03-09 14:32 . 2010-05-26 10:41	470880	----a-w-	c:\windows\system32\d3dx10_43.dll
2013-03-09 14:32 . 2010-05-26 10:41	248672	----a-w-	c:\windows\system32\d3dx11_43.dll
2013-03-09 14:32 . 2010-05-26 10:41	1868128	----a-w-	c:\windows\system32\d3dcsx_43.dll
2013-03-04 11:36 . 2013-03-04 11:36	--------	d-----w-	c:\program files\PrivitizeVPN
2013-02-26 06:54 . 2013-02-26 06:54	--------	d-----w-	c:\program files\Common Files\Skype
2013-02-23 08:37 . 2013-02-23 08:37	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2013-02-22 01:50 . 2013-02-22 01:50	37064	----a-w-	c:\windows\system32\drivers\taphss6.sys
2013-02-22 01:37 . 2013-02-22 01:37	40136	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-09 14:33 . 2011-11-05 19:43	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-13 20:32	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 20:32	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2011-11-05 19:38	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-13 09:22	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 09:22	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 09:22	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 09:23	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 09:22	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 09:22	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-12-17 10:38 . 2011-11-06 20:08	867344	----a-w-	c:\windows\system32\drivers\ESLWireACD.sys
2012-12-16 14:13 . 2012-12-21 18:35	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:35	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-07-03 14:40 . 2011-11-06 20:08	265120	----a-w-	c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\JEEZY\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\JEEZY\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\JEEZY\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="d:\program files\ICQ7.6\ICQ.exe" [2011-11-05 127040]
"Facebook Update"="c:\users\JEEZY\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-08 138096]
"Steam"="d:\program files\Steam\steam.exe" [2013-02-25 1602984]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-28 10127976]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe" [2011-03-02 361216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"speedvid"="c:\program files\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe" [2012-10-15 6020096]
"PrivitizeVPN"="c:\program files\PrivitizeVPN\PrivitizeVPN.exe" [2013-03-04 196784]
.
c:\users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\JEEZY\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
Facebook Messenger.lnk - c:\users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 EslWireHelper;ESL Wire Helper Service;d:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 21:53	1629648	----a-w-	c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-09 14:33]
.
2013-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1221864313-813813898-1403309165-1000Core.job
- c:\users\JEEZY\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-08 14:31]
.
2013-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1221864313-813813898-1403309165-1000UA.job
- c:\users\JEEZY\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-08 14:31]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-20 15:43]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-20 15:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - d:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-02-23 09:37; toolbar@web.de; c:\users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\extensions\toolbar@web.de
FF - ExtSQL: 2013-03-12 20:11; afurladvisor@anchorfree.com; d:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Irsacu - c:\users\JEEZY\AppData\Roaming\Doelna\zaesw.exe
AddRemove-PunkBusterSvc - d:\program files\STEAM\STEAMAPPS\COMMON\APB RELOADED\Binaries\pbsvc_apb.exe
AddRemove-True - ROCCAT 1.1.0 - d:\program files\Steam\skins\True - ROCCAT 1.1.0\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1221864313-813813898-1403309165-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1221864313-813813898-1403309165-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-15  22:29:26
ComboFix-quarantined-files.txt  2013-03-15 21:29
.
Vor Suchlauf: 8 Verzeichnis(se), 12.396.101.632 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 19.008.331.776 Bytes frei
.
- - End Of File - - 22BB61F6DF52976D515BBD221B188474
         

Alt 15.03.2013, 23:00   #12
aharonov
/// TB-Ausbilder
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



Hi,

besteht das Problem mit dem unerwünschten HIntergrundsound im Browser immer noch?
__________________
cheers,
Leo

Alt 16.03.2013, 07:06   #13
txea
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



Guten Morgen,

also bis jetzt kam keine lästige Werbung mehr im Hintergrund :-) Vielen lieben Dank !!!
Mit was genau hattest du es jetzt zutun? Kann ich ohne Bedenken wieder meinen Rechner benutzen? Herzlichen Dank nochmal :-)))

Lg txea

Alt 16.03.2013, 14:32   #14
aharonov
/// TB-Ausbilder
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



Hi,

wir sind noch nicht fertig!


Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
ATTFilter
:OTL
[2012.08.14 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Alxase
[2012.08.14 22:13:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Doelna
[2012.08.14 22:35:32 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Matii

:commands
[emptytemp]
         
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2
  • Öffne das Programm Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
  • Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
  • Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
    (Danach nicht vergessen, sie wieder einzuschalten.)
  • Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
  • Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
  • Warte bis die Komponenten heruntergeladen sind.
  • Setze den Haken bei Scan archives.
  • Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
  • Drücke dann auf Start.
  • Die Signaturen werden heruntergeladen und der Scan startet automatisch.
    Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
  • Falls nach Beendigung des Scans Funde angezeigt werden, dann:
    • Drücke auf List of found threats.
    • Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
    • Drücke danach auf << Back.
  • Schliesse nun den Scanner mit einem Klick auf Finish.
Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.



Schritt 4

Downloade dir bitte SecurityCheck (Link 2).
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck
__________________
cheers,
Leo

Alt 16.03.2013, 20:10   #15
txea
 
Musik im Hintergrund wenn Browser offen ist WIN7 - Standard

Musik im Hintergrund wenn Browser offen ist WIN7



OTL
Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\JEEZY\AppData\Roaming\Alxase folder moved successfully.
C:\Users\JEEZY\AppData\Roaming\Doelna folder moved successfully.
C:\Users\JEEZY\AppData\Roaming\Matii folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: JEEZY
->Temp folder emptied: 11209302 bytes
->Temporary Internet Files folder emptied: 511437218 bytes
->Java cache emptied: 13324598 bytes
->FireFox cache emptied: 344639001 bytes
->Google Chrome cache emptied: 13922496 bytes
->Opera cache emptied: 15354661 bytes
->Flash cache emptied: 60136 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 868,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03162013_183617

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
MBAM
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
JEEZY :: JEEZY1 [Administrator]

Schutz: Aktiviert

16.03.2013 18:43:04
mbam-log-2013-03-16 (18-43-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228833
Laufzeit: 1 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
SecurityCheck
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Java 7 Update 17  
 Adobe Flash Player 	11.5.502.146  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (19.0) 
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 windows defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
ESET keine Funde

Antwort

Themen zu Musik im Hintergrund wenn Browser offen ist WIN7
browser, community, dasselbe, ebay, erscheint, firefox, gen, hilfe!, hintergrund, infiziert, komische, musik, musik im hintergrund, offen, problem, rechner, viren, virus, werbung, win, win7, wirklich, überhaupt, ähnliches



Ähnliche Themen: Musik im Hintergrund wenn Browser offen ist WIN7


  1. Windows 7: PC friert oft ein. Auch wenn nur Outlook offen ist.
    Log-Analyse und Auswertung - 01.11.2015 (21)
  2. Werbung bzw. Musik im Hintergrund - auch bei geschlossenem Browser
    Log-Analyse und Auswertung - 05.02.2015 (12)
  3. Musik im Hintergrund (von FB )
    Plagegeister aller Art und deren Bekämpfung - 30.11.2014 (1)
  4. Werbung und Musik im Hintergrund
    Plagegeister aller Art und deren Bekämpfung - 02.01.2014 (12)
  5. Menge Pop-Ups und Musik im Hintergrund.
    Plagegeister aller Art und deren Bekämpfung - 01.09.2013 (4)
  6. Musik im Hintergrund?
    Plagegeister aller Art und deren Bekämpfung - 04.03.2013 (5)
  7. Werbung / Musik im Hintergrund
    Plagegeister aller Art und deren Bekämpfung - 04.02.2011 (1)
  8. Alle Browser spielen verrückt, Musik im Hintergrund - Verdacht auf einiges Ungeziefer
    Log-Analyse und Auswertung - 23.11.2010 (6)
  9. Laptop langsam, laut und hohe cpu wenn firefox offen
    Log-Analyse und Auswertung - 02.11.2010 (1)
  10. Musik im Hintergrund! Virus?
    Plagegeister aller Art und deren Bekämpfung - 26.09.2010 (21)
  11. Musik im Hintergrund
    Plagegeister aller Art und deren Bekämpfung - 22.08.2010 (34)
  12. Musik im Hintergrund,Pop-ups in IE-Fenstern
    Log-Analyse und Auswertung - 17.08.2010 (41)
  13. Pc laggt wenn ich 2 Metin2 Fenster offen habe!
    Alles rund um Windows - 12.07.2010 (0)
  14. iexplorer.exe 2x offen sounds im hintergrund
    Log-Analyse und Auswertung - 18.01.2010 (4)
  15. iexplorer mehrfach im Hintergrund offen
    Log-Analyse und Auswertung - 30.09.2009 (21)
  16. Musik läuft im Hintergrund
    Alles rund um Windows - 17.05.2009 (2)
  17. Bei mir läuft Musik im Hintergrund
    Plagegeister aller Art und deren Bekämpfung - 08.05.2007 (8)

Zum Thema Musik im Hintergrund wenn Browser offen ist WIN7 - Hallo liebe Community, Ich vermute,dass mein Rechner mit einem Virus infiziert ist, da ich durch die SuFu einen User gefunden habe, welcher dasselbe bzw ein ähnliches Problem hatte ( http://www.trojaner-board.de/124178-...-platinum.html - Musik im Hintergrund wenn Browser offen ist WIN7...
Archiv
Du betrachtest: Musik im Hintergrund wenn Browser offen ist WIN7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.