Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Musik Trojaner auf Win7

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 23.05.2012, 13:41   #1
Einequalle
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



Guten Tag,
Ich habe gestern zum ersten Mal festgestellt, dass Musik aus dem Lautsprecher heraustönt. Es war Schlachtmusik, welche mich sehr irritiert hat.
Zunächst habe ich meinen PC nach der Musik durchforstet und dachte sofort an einen Virus. Nach einer Internet-Recherche kam ich meiner Idee auch nach.
Das hat mich somit auch hierher verschlagen.
Mein PC ist gerade eben zum ersten mal abgestürtzt, es erschien der Bluescreen mit einem ähnlichen Schriftzug wie "Your PC had to shut down" Und noch ein Nebensatz damit, dass etwas beschädigt wurde oder ähnliches. Seitdem bin ich im abgesicherten Modus.
Gestern habe ich Malwarebytes Anti Malware drüberlaufen lassen, dennoch hat es im Vollscandurchlauf nichts gefunden.
Defogger gab auch keine Fehlermeldung.

hier der Log
Code:
ATTFilter
 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

22.05.2012 22:41:34
mbam-log-2012-05-22 (22-41-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 340129
Laufzeit: 37 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
DDS LogDDS Logfile:
Code:
ATTFilter
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by *** at 12:57:36 on 2012-05-23
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3070.2071 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\FILSHtray\FILSHtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat

\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office

\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common 

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet 

Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ICQ Sparberater: {fe163f11-1919-4257-a280-ff5af8daeecb} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uRun: [Google Update] "C:\Users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [FILSHtray] "C:\Program Files (x86)\FILSHtray\FILSHtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\***\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:

\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FILSHT~1.LNK - C:\Program Files 

(x86)\FILSHtray\FILSHtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:

\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype

\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:

\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{78F4FF4B-475D-4C63-A512-61EB39BADE6F} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{AC42FE06-C65C-4912-888F-9894463A366A} : DhcpNameServer = 192.168.178.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office

\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet 

Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office

\Office12\GrooveShellExtensions.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{FE163F11-1919-4257-A280-FF5AF8DAEECB}
{855F3B16-6D32-4FE6-8A56-BBB695989046}
EB-X64: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [FILSHtray] "C:\Program Files (x86)\FILSHtray\FILSHtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Pascal\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
.
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows

\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-

1-3 63928]
R2 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-11-5 247872]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS

\LVUSBS64.sys [?]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows

\system32\DRIVERS\netr7364.sys [?]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB64.sys --> C:\Windows\system32\DRIVERS

\Ph3xIB64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework

\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET

\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash

\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows

\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows

\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers

\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-23 10:43:35	8955792	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2B23C24-

01D2-40A7-B796-260916FDA1B2}\mpengine.dll
2012-05-22 20:30:18	--------	d-----w-	C:\Users\***\AppData\Roaming\Malwarebytes
2012-05-22 20:28:45	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-05-22 20:28:42	24904	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-05-22 20:28:42	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-21 11:41:25	8955792	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup

\mpengine.dll
2012-05-17 19:55:47	--------	d-----w-	C:\Users\***\AppData\Local\SmoothDraw
2012-05-14 17:16:57	592824	----a-w-	C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-14 17:16:57	44472	----a-w-	C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-05-10 14:04:46	1544704	----a-w-	C:\Windows\System32\DWrite.dll
2012-05-10 14:04:46	1077248	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-05-10 14:04:44	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-05-10 14:04:44	3146240	----a-w-	C:\Windows\System32\win32k.sys
2012-05-10 14:04:43	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 14:04:43	3913072	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 14:04:06	75120	----a-w-	C:\Windows\System32\drivers\partmgr.sys
2012-05-10 14:03:49	1918320	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2012-05-10 14:03:45	1732096	----a-w-	C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 14:03:45	1367552	----a-w-	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 14:03:44	936960	----a-w-	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 14:03:44	1402880	----a-w-	C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 14:03:44	1393664	----a-w-	C:\Program Files\Windows Journal\JNTFiltr.dll
2012-04-29 12:57:27	--------	d-----r-	C:\Program Files (x86)\Skype
.
==================== Find3M  ====================
.
2012-05-04 23:37:58	70304	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 23:37:58	419488	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 23:37:24	8744608	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-20 18:44:12	98688	----a-w-	C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 18:44:12	203888	----a-w-	C:\Windows\System32\drivers\MpFilter.sys
2012-03-01 06:46:16	23408	----a-w-	C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27	220672	----a-w-	C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50	81408	----a-w-	C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47	5120	----a-w-	C:\Windows\System32\wmi.dll
2012-03-01 05:37:41	172544	----a-w-	C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23	159232	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48	2311168	----a-w-	C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56	1390080	----a-w-	C:\Windows\System32\wininet.dll
2012-02-28 06:48:57	1493504	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55	1799168	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21	1427456	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07	1127424	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-02-23 18:22:47	472808	----a-w-	C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 12:58:08,18 ===============
         
[/CODE]
--- --- ---
Ich habe übrigens einen Windows 7 64 Bit Professional Service Pack 1

Ich hoffe, Ihr könnt mir helfen
Danke im Voraus.

Geändert von Einequalle (23.05.2012 um 14:35 Uhr)

Alt 25.05.2012, 13:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________

__________________

Alt 25.05.2012, 18:12   #3
Einequalle
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



Nein, das ist das erste Log. Ich habe es mir an dem Tag erst heruntergeladen und dann gescannt.
__________________

Alt 25.05.2012, 23:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.05.2012, 01:24   #5
Einequalle
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



ESET Log

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=596873d7b208c14ab9fb3a0943cb5ac2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-27 05:14:32
# local_time=2012-05-27 07:14:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17668177 89701614 0 0
# compatibility_mode=8192 67108863 100 0 632 632 0 0
# scanned=669586
# found=0
# cleaned=0
# scan_time=23908
         
Also, ich habe vor einigen Tagen meinen PC auf einen ähnlichen abgesicherten Modus eingestellt, weil ich ihn nicht anders in den eben genannten Modus bekomme. Ich komme dann nur ins Bootmenü und dann startet er ganz normal.
Also bei der Systemkonfiguration habe ich "Benutzerdefinierter Start", obwohl ich im Prinzip "Diagnosestart" angeklickt habe, was der PC jedoch von allein änderte.
Seitdem habe ich nichts mehr gehört. Und auch ESET hat nichts gefunden.
Das irritiert mich nun. Aber ich bin mir sicher, dass der Trojaner noch da ist.


Alt 29.05.2012, 08:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Musik Trojaner auf Win7

Alt 29.05.2012, 14:39   #7
Einequalle
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



In dem Kasten "Benutzerdefinierte Scans/Fixes" war nichts drin, vor und nach dem Scan.


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.05.2012 15:19:48 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 72,89% Memory free
6,00 Gb Paging File | 5,08 Gb Available in Paging File | 84,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 320,62 Gb Free Space | 68,85% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 4,94 Gb Free Space | 1,66% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.29 15:17:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.05 01:37:58 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.05 10:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.07.26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 16:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2006.11.30 16:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 61 C2 43 58 9A CC 01  [binary data]
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***l\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.14 19:16:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.04 13:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2012.05.11 12:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions
[2012.04.04 05:04:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.04 05:04:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.27 00:32:10 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-1.xml
[2012.01.24 16:28:55 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-2.xml
[2012.03.09 17:15:05 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-3.xml
[2012.04.05 05:37:57 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-4.xml
[2012.04.13 02:26:29 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-5.xml
[2012.05.27 00:30:12 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-6.xml
[2011.12.28 19:00:56 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin.xml
[2012.04.29 14:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.29 14:57:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.13 02:26:28 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TB4DM1MY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.14 19:16:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.05 05:37:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.05 05:37:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.05 05:37:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.05 05:37:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.05 05:37:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.05 05:37:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.3_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.3_0\.orig
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78F4FF4B-475D-4C63-A512-61EB39BADE6F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC42FE06-C65C-4912-888F-9894463A366A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.29 15:17:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.27 00:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.27 00:25:24 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.05.23 23:38:22 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.05.23 14:11:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.23 13:10:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2012.05.23 13:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.23 13:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.05.23 12:55:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.05.22 22:30:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.05.22 22:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.22 22:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.22 22:28:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.22 22:28:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.22 22:22:57 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\malwarebytes_antimalware_1.61.exe
[2012.05.17 21:55:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SmoothDraw
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.29 15:17:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.29 14:58:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-295342631-741372405-1075544715-1000UA.job
[2012.05.29 14:37:47 | 001,628,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.29 14:37:47 | 000,702,486 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.29 14:37:47 | 000,657,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.29 14:37:47 | 000,150,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.29 14:37:47 | 000,122,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.29 14:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.29 14:33:55 | 000,006,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 14:33:55 | 000,006,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 14:33:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.29 14:33:18 | 2414,723,072 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.29 02:42:02 | 000,001,495 | ---- | M] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2012.05.28 21:58:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-295342631-741372405-1075544715-1000Core.job
[2012.05.28 18:50:07 | 000,053,248 | -H-- | M] () -- C:\Users\***\Desktop\photothumb.db
[2012.05.28 18:49:08 | 000,968,079 | ---- | M] () -- C:\Users\***\Desktop\michelle.gif
[2012.05.28 18:13:50 | 000,014,290 | ---- | M] () -- C:\Users\***\Desktop\N.jpg
[2012.05.27 00:49:19 | 000,085,009 | ---- | M] () -- C:\Users\***\Desktop\LisaUndSteffi.jpg
[2012.05.27 00:25:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.05.23 14:11:37 | 407,099,392 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.23 13:14:25 | 000,001,780 | ---- | M] () -- C:\Users\***\Desktop\Attach.zip
[2012.05.23 13:12:23 | 000,357,798 | ---- | M] () -- C:\Users\***\Desktop\Neuer Ordner.zip
[2012.05.23 13:02:11 | 001,110,476 | ---- | M] () -- C:\Users\***\Desktop\7z920.exe
[2012.05.23 12:55:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.05.23 12:52:56 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.05.23 12:49:47 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.05.22 22:28:49 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 22:23:09 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\malwarebytes_antimalware_1.61.exe
[2012.05.21 23:13:22 | 000,020,893 | ---- | M] () -- C:\Users\***\Documents\grau.sddoc
[2012.05.21 22:20:04 | 000,016,685 | ---- | M] () -- C:\Users\***\Documents\szak.gif
[2012.05.21 21:53:50 | 000,331,749 | ---- | M] () -- C:\Users\***\Documents\stümmt.sddoc
[2012.05.21 21:50:59 | 000,059,321 | ---- | M] () -- C:\Users\***\Desktop\stümmt.jpg
[2012.05.21 16:12:47 | 000,010,363 | ---- | M] () -- C:\Users\***\Documents\hintergrund.gif
[2012.05.21 16:12:24 | 000,039,753 | ---- | M] () -- C:\Users\***\Documents\2011.gif
[2012.05.21 14:00:16 | 000,014,448 | ---- | M] () -- C:\Users\***\Documents\Ak_B.gif
[2012.05.21 14:00:04 | 000,094,215 | ---- | M] () -- C:\Users\***\Documents\Ak_B.sddoc
[2012.05.21 13:42:29 | 000,115,168 | ---- | M] () -- C:\Users\***\Documents\AK_11.sddoc
[2012.05.14 16:51:02 | 000,769,267 | ---- | M] () -- C:\Users\***\Documents\albert.hofmann-lsd.mein.sorgenkind.pdf
[2012.05.11 11:47:32 | 000,443,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.10 00:16:03 | 003,707,384 | ---- | M] () -- C:\Users\***\Desktop\Robert Miles, Childern.mp3
[2012.05.10 00:14:42 | 000,034,696 | ---- | M] () -- C:\Users\***\Desktop\PIC_12-02-26_05-13-39.jpg
[2012.05.10 00:14:16 | 000,078,419 | ---- | M] () -- C:\Users\***\Desktop\Yo_10.jpg
[2012.05.10 00:13:51 | 000,130,050 | ---- | M] () -- C:\Users\***\Desktop\Yo_00.jpg
[2012.05.06 23:46:30 | 000,190,170 | ---- | M] () -- C:\Users\***\Documents\10b_092.jpg
[2012.05.06 23:40:01 | 000,016,590 | ---- | M] () -- C:\Users\***\Documents\Siiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiid.jpg
[2012.05.05 02:53:25 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.05 02:53:10 | 001,650,246 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.02 13:41:31 | 018,722,954 | ---- | M] () -- C:\Users\***\Desktop\WISE_full_sky.jpg
 
========== Files Created - No Company Name ==========
 
[2012.05.28 18:49:25 | 000,968,079 | ---- | C] () -- C:\Users\***\Desktop\***.gif
[2012.05.28 18:13:50 | 000,014,290 | ---- | C] () -- C:\Users\***\Desktop\N.jpg
[2012.05.27 00:49:15 | 000,085,009 | ---- | C] () -- C:\Users\***\Desktop\LisaUndSteffi.jpg
[2012.05.23 14:11:37 | 407,099,392 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.23 13:14:25 | 000,001,780 | ---- | C] () -- C:\Users\***\Desktop\Attach.zip
[2012.05.23 13:12:22 | 000,357,798 | ---- | C] () -- C:\Users\***\Desktop\Neuer Ordner.zip
[2012.05.23 13:02:12 | 001,110,476 | ---- | C] () -- C:\Users\***\Desktop\7z920.exe
[2012.05.23 12:52:56 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.05.23 12:49:55 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.05.22 22:28:49 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.21 23:13:22 | 000,020,893 | ---- | C] () -- C:\Users\***\Documents\grau.sddoc
[2012.05.21 22:19:58 | 000,016,685 | ---- | C] () -- C:\Users\***\Documents\szak.gif
[2012.05.21 21:53:50 | 000,331,749 | ---- | C] () -- C:\Users\***\Documents\stümmt.sddoc
[2012.05.21 21:50:55 | 000,059,321 | ---- | C] () -- C:\Users\***\Desktop\stümmt.jpg
[2012.05.21 16:12:47 | 000,010,363 | ---- | C] () -- C:\Users\***\Documents\hintergrund.gif
[2012.05.21 16:12:24 | 000,039,753 | ---- | C] () -- C:\Users\***\Documents\2011.gif
[2012.05.21 14:00:16 | 000,014,448 | ---- | C] () -- C:\Users\***\Documents\Ak_B.gif
[2012.05.21 14:00:04 | 000,094,215 | ---- | C] () -- C:\Users\***\Documents\Ak_B.sddoc
[2012.05.21 13:42:29 | 000,115,168 | ---- | C] () -- C:\Users\***\Documents\AK_11.sddoc
[2012.05.14 16:51:02 | 000,769,267 | ---- | C] () -- C:\Users\***\Documents\albert.hofmann-lsd.mein.sorgenkind.pdf
[2012.05.10 00:16:00 | 003,707,384 | ---- | C] () -- C:\Users\***\Desktop\Robert Miles, Childern.mp3
[2012.05.10 00:14:45 | 000,034,696 | ---- | C] () -- C:\Users\***\Desktop\PIC_12-02-26_05-13-39.jpg
[2012.05.10 00:14:18 | 000,078,419 | ---- | C] () -- C:\Users\***\Desktop\Yo_10.jpg
[2012.05.10 00:13:58 | 000,130,050 | ---- | C] () -- C:\Users\***\Desktop\Yo_00.jpg
[2012.05.06 23:46:13 | 000,190,170 | ---- | C] () -- C:\Users\***\Documents\10b_092.jpg
[2012.05.06 23:39:52 | 000,016,590 | ---- | C] () -- C:\Users\***\Documents\Siiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiid.jpg
[2012.05.02 13:41:36 | 018,722,954 | ---- | C] () -- C:\Users\***\Desktop\WISE_full_sky.jpg
[2012.04.30 19:25:21 | 000,823,539 | ---- | C] () -- C:\Users\***\Desktop\DSC_2146.JPG
[2011.11.13 20:43:57 | 000,001,495 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2011.11.04 13:46:11 | 001,650,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.01.13 17:44:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.05.29 15:14:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.11.13 17:09:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.12.27 17:19:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2011.11.24 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.03.30 10:36:14 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 29.05.2012, 14:42   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



Zitat:
In dem Kasten "Benutzerdefinierte Scans/Fixes" war nichts drin, vor und nach dem Scan.
Du sollst meinen Text da auch reinkopieren!! Steht doch da! => Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die...
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.05.2012, 15:27   #9
Einequalle
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



Entschuldigung, habe mich verlesen.

Hier nochmal das ganze

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.05.2012 16:04:12 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 69,53% Memory free
6,00 Gb Paging File | 4,99 Gb Available in Paging File | 83,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 320,62 Gb Free Space | 68,85% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 4,94 Gb Free Space | 1,66% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.29 15:17:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.05 01:37:58 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.05 10:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.07.26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 16:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2006.11.30 16:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 61 C2 43 58 9A CC 01  [binary data]
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.14 19:16:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.04 13:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2012.05.11 12:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions
[2012.04.04 05:04:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.04 05:04:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.27 00:32:10 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-1.xml
[2012.01.24 16:28:55 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-2.xml
[2012.03.09 17:15:05 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-3.xml
[2012.04.05 05:37:57 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-4.xml
[2012.04.13 02:26:29 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-5.xml
[2012.05.27 00:30:12 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-6.xml
[2011.12.28 19:00:56 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin.xml
[2012.04.29 14:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.29 14:57:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.13 02:26:28 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TB4DM1MY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.14 19:16:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.05 05:37:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.05 05:37:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.05 05:37:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.05 05:37:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.05 05:37:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.05 05:37:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.3_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.3_0\.orig
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78F4FF4B-475D-4C63-A512-61EB39BADE6F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC42FE06-C65C-4912-888F-9894463A366A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FILSHtray.lnk - C:\PROGRA~2\FILSHT~1\FILSHT~1.EXE - (FILSH Media GmbH)
MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: FILSHtray - hkey= - key= - C:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.29 15:17:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.27 00:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.27 00:25:24 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.05.23 23:38:22 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.05.23 14:11:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.23 13:10:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2012.05.23 13:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.23 13:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.05.23 12:55:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.05.22 22:30:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.05.22 22:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.22 22:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.22 22:28:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.22 22:28:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.22 22:22:57 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\malwarebytes_antimalware_1.61.exe
[2012.05.17 21:55:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SmoothDraw
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.29 16:03:40 | 000,006,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 16:03:40 | 000,006,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 15:58:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-295342631-741372405-1075544715-1000UA.job
[2012.05.29 15:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.29 15:17:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.29 14:37:47 | 001,628,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.29 14:37:47 | 000,702,486 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.29 14:37:47 | 000,657,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.29 14:37:47 | 000,150,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.29 14:37:47 | 000,122,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.29 14:33:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.29 14:33:18 | 2414,723,072 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.29 02:42:02 | 000,001,495 | ---- | M] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2012.05.28 21:58:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-295342631-741372405-1075544715-1000Core.job
[2012.05.28 18:50:07 | 000,053,248 | -H-- | M] () -- C:\Users\***\Desktop\photothumb.db
[2012.05.28 18:49:08 | 000,968,079 | ---- | M] () -- C:\Users\***\Desktop\michelle.gif
[2012.05.28 18:13:50 | 000,014,290 | ---- | M] () -- C:\Users\***\Desktop\N.jpg
[2012.05.27 00:49:19 | 000,085,009 | ---- | M] () -- C:\Users\***\Desktop\LisaUndSteffi.jpg
[2012.05.27 00:25:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.05.23 14:11:37 | 407,099,392 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.23 13:14:25 | 000,001,780 | ---- | M] () -- C:\Users\***\Desktop\Attach.zip
[2012.05.23 13:12:23 | 000,357,798 | ---- | M] () -- C:\Users\***\Desktop\Neuer Ordner.zip
[2012.05.23 13:02:11 | 001,110,476 | ---- | M] () -- C:\Users\***\Desktop\7z920.exe
[2012.05.23 12:55:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.05.23 12:52:56 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.05.23 12:49:47 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.05.22 22:28:49 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 22:23:09 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\malwarebytes_antimalware_1.61.exe
[2012.05.21 23:13:22 | 000,020,893 | ---- | M] () -- C:\Users\***\Documents\grau.sddoc
[2012.05.21 22:20:04 | 000,016,685 | ---- | M] () -- C:\Users\***\Documents\szak.gif
[2012.05.21 21:53:50 | 000,331,749 | ---- | M] () -- C:\Users\***\Documents\stümmt.sddoc
[2012.05.21 21:50:59 | 000,059,321 | ---- | M] () -- C:\Users\***\Desktop\stümmt.jpg
[2012.05.21 16:12:47 | 000,010,363 | ---- | M] () -- C:\Users\***\Documents\hintergrund.gif
[2012.05.21 16:12:24 | 000,039,753 | ---- | M] () -- C:\Users\***\Documents\2011.gif
[2012.05.21 14:00:16 | 000,014,448 | ---- | M] () -- C:\Users\***\Documents\Ak_B.gif
[2012.05.21 14:00:04 | 000,094,215 | ---- | M] () -- C:\Users\***\Documents\Ak_B.sddoc
[2012.05.21 13:42:29 | 000,115,168 | ---- | M] () -- C:\Users\***\Documents\AK_11.sddoc
[2012.05.14 16:51:02 | 000,769,267 | ---- | M] () -- C:\Users\***\Documents\albert.hofmann-lsd.mein.sorgenkind.pdf
[2012.05.11 11:47:32 | 000,443,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.10 00:16:03 | 003,707,384 | ---- | M] () -- C:\Users\***\Desktop\Robert Miles, Childern.mp3
[2012.05.10 00:14:42 | 000,034,696 | ---- | M] () -- C:\Users\***\Desktop\PIC_12-02-26_05-13-39.jpg
[2012.05.10 00:14:16 | 000,078,419 | ---- | M] () -- C:\Users\***\Desktop\Yo_10.jpg
[2012.05.10 00:13:51 | 000,130,050 | ---- | M] () -- C:\Users\***\Desktop\Yo_00.jpg
[2012.05.06 23:46:30 | 000,190,170 | ---- | M] () -- C:\Users\***\Documents\10b_092.jpg
[2012.05.06 23:40:01 | 000,016,590 | ---- | M] () -- C:\Users\***\Documents\Siiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiid.jpg
[2012.05.05 02:53:25 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.05 02:53:10 | 001,650,246 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.02 13:41:31 | 018,722,954 | ---- | M] () -- C:\Users\***\Desktop\WISE_full_sky.jpg
 
========== Files Created - No Company Name ==========
 
[2012.05.28 18:49:25 | 000,968,079 | ---- | C] () -- C:\Users\***\Desktop\michelle.gif
[2012.05.28 18:13:50 | 000,014,290 | ---- | C] () -- C:\Users\***\Desktop\N.jpg
[2012.05.27 00:49:15 | 000,085,009 | ---- | C] () -- C:\Users\***\Desktop\LisaUndSteffi.jpg
[2012.05.23 14:11:37 | 407,099,392 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.23 13:14:25 | 000,001,780 | ---- | C] () -- C:\Users\***\Desktop\Attach.zip
[2012.05.23 13:12:22 | 000,357,798 | ---- | C] () -- C:\Users\***\Desktop\Neuer Ordner.zip
[2012.05.23 13:02:12 | 001,110,476 | ---- | C] () -- C:\Users\***\Desktop\7z920.exe
[2012.05.23 12:52:56 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.05.23 12:49:55 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.05.22 22:28:49 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.21 23:13:22 | 000,020,893 | ---- | C] () -- C:\Users\***\Documents\grau.sddoc
[2012.05.21 22:19:58 | 000,016,685 | ---- | C] () -- C:\Users\***\Documents\szak.gif
[2012.05.21 21:53:50 | 000,331,749 | ---- | C] () -- C:\Users\***\Documents\stümmt.sddoc
[2012.05.21 21:50:55 | 000,059,321 | ---- | C] () -- C:\Users\***\Desktop\stümmt.jpg
[2012.05.21 16:12:47 | 000,010,363 | ---- | C] () -- C:\Users\***\Documents\hintergrund.gif
[2012.05.21 16:12:24 | 000,039,753 | ---- | C] () -- C:\Users\***\Documents\2011.gif
[2012.05.21 14:00:16 | 000,014,448 | ---- | C] () -- C:\Users\***\Documents\Ak_B.gif
[2012.05.21 14:00:04 | 000,094,215 | ---- | C] () -- C:\Users\***\Documents\Ak_B.sddoc
[2012.05.21 13:42:29 | 000,115,168 | ---- | C] () -- C:\Users\***\Documents\AK_11.sddoc
[2012.05.14 16:51:02 | 000,769,267 | ---- | C] () -- C:\Users\***\Documents\albert.hofmann-lsd.mein.sorgenkind.pdf
[2012.05.10 00:16:00 | 003,707,384 | ---- | C] () -- C:\Users\***\Desktop\Robert Miles, Childern.mp3
[2012.05.10 00:14:45 | 000,034,696 | ---- | C] () -- C:\Users\***\Desktop\PIC_12-02-26_05-13-39.jpg
[2012.05.10 00:14:18 | 000,078,419 | ---- | C] () -- C:\Users\***\Desktop\Yo_10.jpg
[2012.05.10 00:13:58 | 000,130,050 | ---- | C] () -- C:\Users\***\Desktop\Yo_00.jpg
[2012.05.06 23:46:13 | 000,190,170 | ---- | C] () -- C:\Users\***\Documents\10b_092.jpg
[2012.05.06 23:39:52 | 000,016,590 | ---- | C] () -- C:\Users\***\Documents\Siiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiid.jpg
[2012.05.02 13:41:36 | 018,722,954 | ---- | C] () -- C:\Users\***\Desktop\WISE_full_sky.jpg
[2012.04.30 19:25:21 | 000,823,539 | ---- | C] () -- C:\Users\***\Desktop\DSC_2146.JPG
[2011.11.13 20:43:57 | 000,001,495 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2011.11.04 13:46:11 | 001,650,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.01.13 17:44:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.05.29 15:14:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.11.13 17:09:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.12.27 17:19:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2011.11.24 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.03.30 10:36:14 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.13 17:44:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.11.04 15:34:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.12.03 01:20:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2012.05.29 15:14:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.11.03 19:48:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.11.03 20:44:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.05.22 22:30:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.11.21 09:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.05.06 05:28:38 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.11.04 13:26:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.11.13 17:09:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.12.27 17:19:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2012.05.29 16:04:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.11.06 01:14:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.11.24 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2011.11.13 20:33:20 | 000,003,262 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe
[2011.11.13 20:33:20 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2011.11.04 13:42:53 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=0A8910F85D554ADB5C7F5B157FEE8622 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\ProgramData\Microsoft\Windows\RAI\32\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Users\All Users\Microsoft\Windows\RAI\32\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2011.11.04 13:42:54 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=D186BABDFAE7C0D93C9F6AE63957EE96 -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\ProgramData\Microsoft\Windows\RAI\64\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Users\All Users\Microsoft\Windows\RAI\64\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\ProgramData\Microsoft\Windows\RAI\64\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Users\All Users\Microsoft\Windows\RAI\64\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010.08.14 11:37:49 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=87A00ED70FEC36D0DD968E5058C29AA1 -- C:\Windows\SysNative\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---

Alt 30.05.2012, 08:40   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 61 C2 43 58 9A CC 01  [binary data]
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-295342631-741372405-1075544715-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
[2012.04.04 05:04:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.27 00:32:10 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-1.xml
[2012.01.24 16:28:55 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-2.xml
[2012.03.09 17:15:05 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-3.xml
[2012.04.05 05:37:57 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-4.xml
[2012.04.13 02:26:29 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-5.xml
[2012.05.27 00:30:12 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-6.xml
[2011.12.28 19:00:56 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin.xml
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
:Files
C:\Program Files (x86)\ICQ6Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.05.2012, 14:45   #11
Einequalle
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



Code:
ATTFilter
All processes killed
========== OTL ==========
HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-295342631-741372405-1075544715-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-295342631-741372405-1075544715-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKEY_USERS\S-1-5-21-295342631-741372405-1075544715-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-295342631-741372405-1075544715-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-295342631-741372405-1075544715-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=" removed from keyword.URL
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
C:\Program Files (x86)\icq\Internet Explorer\icq.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-295342631-741372405-1075544715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
========== FILES ==========
C:\Program Files (x86)\ICQ6Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 5350658947 bytes
->Temporary Internet Files folder emptied: 281398145 bytes
->Java cache emptied: 2400659 bytes
->FireFox cache emptied: 254945102 bytes
->Google Chrome cache emptied: 376546876 bytes
->Flash cache emptied: 61738 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 184706679 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 10848505943 bytes
 
Total Files Cleaned = 16.498,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 05302012_152237

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 30.05.2012, 14:50   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.05.2012, 16:10   #13
Einequalle
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



Code:
ATTFilter
17:07:26.0068 1960	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
17:07:26.0303 1960	============================================================
17:07:26.0303 1960	Current date / time: 2012/05/30 17:07:26.0303
17:07:26.0303 1960	SystemInfo:
17:07:26.0303 1960	
17:07:26.0303 1960	OS Version: 6.1.7601 ServicePack: 1.0
17:07:26.0319 1960	Product type: Workstation
17:07:26.0319 1960	ComputerName: ***-PC
17:07:26.0319 1960	UserName: ***
17:07:26.0319 1960	Windows directory: C:\Windows
17:07:26.0319 1960	System windows directory: C:\Windows
17:07:26.0319 1960	Running under WOW64
17:07:26.0319 1960	Processor architecture: Intel x64
17:07:26.0319 1960	Number of processors: 2
17:07:26.0319 1960	Page size: 0x1000
17:07:26.0319 1960	Boot type: Normal boot
17:07:26.0319 1960	============================================================
17:07:27.0374 1960	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:07:27.0380 1960	Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:07:27.0428 1960	============================================================
17:07:27.0428 1960	\Device\Harddisk0\DR0:
17:07:27.0428 1960	MBR partitions:
17:07:27.0428 1960	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:07:27.0428 1960	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
17:07:27.0428 1960	\Device\Harddisk1\DR1:
17:07:27.0431 1960	MBR partitions:
17:07:27.0431 1960	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
17:07:27.0431 1960	============================================================
17:07:27.0470 1960	C: <-> \Device\Harddisk0\DR0\Partition1
17:07:27.0486 1960	F: <-> \Device\Harddisk1\DR1\Partition0
17:07:27.0486 1960	============================================================
17:07:27.0486 1960	Initialize success
17:07:27.0486 1960	============================================================
17:08:41.0395 2188	============================================================
17:08:41.0395 2188	Scan started
17:08:41.0395 2188	Mode: Manual; SigCheck; TDLFS; 
17:08:41.0395 2188	============================================================
17:08:41.0911 2188	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
17:08:42.0051 2188	1394ohci - ok
17:08:42.0098 2188	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:08:42.0129 2188	ACPI - ok
17:08:42.0145 2188	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:08:42.0254 2188	AcpiPmi - ok
17:08:42.0348 2188	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:08:42.0364 2188	AdobeARMservice - ok
17:08:42.0489 2188	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:08:42.0504 2188	AdobeFlashPlayerUpdateSvc - ok
17:08:42.0551 2188	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:08:42.0567 2188	adp94xx - ok
17:08:42.0614 2188	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:08:42.0645 2188	adpahci - ok
17:08:42.0661 2188	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:08:42.0692 2188	adpu320 - ok
17:08:42.0708 2188	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:08:42.0864 2188	AeLookupSvc - ok
17:08:42.0926 2188	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:08:42.0989 2188	AFD - ok
17:08:43.0051 2188	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:08:43.0098 2188	ALG - ok
17:08:43.0145 2188	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:08:43.0161 2188	aliide - ok
17:08:43.0176 2188	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:08:43.0192 2188	amdide - ok
17:08:43.0208 2188	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:08:43.0270 2188	AmdK8 - ok
17:08:43.0301 2188	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
17:08:43.0348 2188	AmdPPM - ok
17:08:43.0395 2188	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:08:43.0426 2188	amdsata - ok
17:08:43.0442 2188	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:08:43.0458 2188	amdsbs - ok
17:08:43.0473 2188	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:08:43.0489 2188	amdxata - ok
17:08:43.0520 2188	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:08:43.0676 2188	AppID - ok
17:08:43.0692 2188	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:08:43.0786 2188	AppIDSvc - ok
17:08:43.0833 2188	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:08:43.0911 2188	Appinfo - ok
17:08:44.0036 2188	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:08:44.0051 2188	Apple Mobile Device - ok
17:08:44.0098 2188	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:08:44.0161 2188	AppMgmt - ok
17:08:44.0208 2188	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:08:44.0223 2188	arc - ok
17:08:44.0239 2188	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:08:44.0254 2188	arcsas - ok
17:08:44.0364 2188	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:08:44.0379 2188	aspnet_state - ok
17:08:44.0411 2188	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:08:44.0489 2188	AsyncMac - ok
17:08:44.0536 2188	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:08:44.0551 2188	atapi - ok
17:08:44.0598 2188	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:08:44.0692 2188	AudioEndpointBuilder - ok
17:08:44.0708 2188	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:08:44.0754 2188	AudioSrv - ok
17:08:44.0817 2188	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:08:44.0879 2188	AxInstSV - ok
17:08:44.0958 2188	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
17:08:45.0004 2188	b06bdrv - ok
17:08:45.0067 2188	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:08:45.0114 2188	b57nd60a - ok
17:08:45.0176 2188	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:08:45.0240 2188	BDESVC - ok
17:08:45.0287 2188	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:08:45.0365 2188	Beep - ok
17:08:45.0443 2188	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:08:45.0521 2188	BFE - ok
17:08:45.0615 2188	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:08:45.0724 2188	BITS - ok
17:08:45.0802 2188	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:08:45.0849 2188	blbdrive - ok
17:08:45.0958 2188	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:08:45.0974 2188	Bonjour Service - ok
17:08:46.0005 2188	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:08:46.0083 2188	bowser - ok
17:08:46.0115 2188	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:08:46.0162 2188	BrFiltLo - ok
17:08:46.0193 2188	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:08:46.0208 2188	BrFiltUp - ok
17:08:46.0240 2188	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:08:46.0318 2188	Browser - ok
17:08:46.0380 2188	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:08:46.0443 2188	Brserid - ok
17:08:46.0490 2188	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:08:46.0537 2188	BrSerWdm - ok
17:08:46.0583 2188	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:08:46.0646 2188	BrUsbMdm - ok
17:08:46.0646 2188	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:08:46.0677 2188	BrUsbSer - ok
17:08:46.0724 2188	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
17:08:46.0771 2188	BTHMODEM - ok
17:08:46.0833 2188	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:08:46.0865 2188	bthserv - ok
17:08:46.0912 2188	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:08:46.0990 2188	cdfs - ok
17:08:47.0052 2188	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:08:47.0099 2188	cdrom - ok
17:08:47.0162 2188	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:08:47.0255 2188	CertPropSvc - ok
17:08:47.0303 2188	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
17:08:47.0350 2188	circlass - ok
17:08:47.0428 2188	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:08:47.0444 2188	CLFS - ok
17:08:47.0491 2188	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:08:47.0506 2188	clr_optimization_v2.0.50727_32 - ok
17:08:47.0538 2188	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:08:47.0553 2188	clr_optimization_v2.0.50727_64 - ok
17:08:47.0600 2188	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:08:47.0616 2188	clr_optimization_v4.0.30319_32 - ok
17:08:47.0647 2188	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:08:47.0663 2188	clr_optimization_v4.0.30319_64 - ok
17:08:47.0678 2188	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
17:08:47.0725 2188	CmBatt - ok
17:08:47.0788 2188	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:08:47.0803 2188	cmdide - ok
17:08:47.0866 2188	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:08:47.0959 2188	CNG - ok
17:08:47.0991 2188	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
17:08:48.0006 2188	Compbatt - ok
17:08:48.0038 2188	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:08:48.0084 2188	CompositeBus - ok
17:08:48.0131 2188	COMSysApp - ok
17:08:48.0163 2188	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:08:48.0178 2188	crcdisk - ok
17:08:48.0225 2188	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:08:48.0303 2188	CryptSvc - ok
17:08:48.0366 2188	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:08:48.0475 2188	CSC - ok
17:08:48.0538 2188	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:08:48.0569 2188	CscService - ok
17:08:48.0631 2188	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:08:48.0725 2188	DcomLaunch - ok
17:08:48.0788 2188	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:08:48.0866 2188	defragsvc - ok
17:08:48.0944 2188	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:08:49.0022 2188	DfsC - ok
17:08:49.0084 2188	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:08:49.0163 2188	Dhcp - ok
17:08:49.0209 2188	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:08:49.0288 2188	discache - ok
17:08:49.0334 2188	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
17:08:49.0350 2188	Disk - ok
17:08:49.0381 2188	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
17:08:49.0397 2188	dmvsc - ok
17:08:49.0428 2188	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:08:49.0491 2188	Dnscache - ok
17:08:49.0538 2188	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:08:49.0616 2188	dot3svc - ok
17:08:49.0663 2188	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:08:49.0756 2188	DPS - ok
17:08:49.0803 2188	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:08:49.0850 2188	drmkaud - ok
17:08:49.0959 2188	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:08:49.0991 2188	DXGKrnl - ok
17:08:50.0022 2188	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:08:50.0100 2188	EapHost - ok
17:08:50.0272 2188	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
17:08:50.0397 2188	ebdrv - ok
17:08:50.0506 2188	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:08:50.0553 2188	EFS - ok
17:08:50.0647 2188	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:08:50.0709 2188	ehRecvr - ok
17:08:50.0756 2188	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:08:50.0803 2188	ehSched - ok
17:08:50.0897 2188	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
17:08:50.0928 2188	elxstor - ok
17:08:50.0944 2188	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:08:50.0991 2188	ErrDev - ok
17:08:51.0053 2188	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:08:51.0131 2188	EventSystem - ok
17:08:51.0194 2188	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:08:51.0225 2188	exfat - ok
17:08:51.0256 2188	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:08:51.0319 2188	fastfat - ok
17:08:51.0397 2188	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:08:51.0459 2188	Fax - ok
17:08:51.0506 2188	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:08:51.0553 2188	fdc - ok
17:08:51.0600 2188	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:08:51.0678 2188	fdPHost - ok
17:08:51.0725 2188	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:08:51.0803 2188	FDResPub - ok
17:08:51.0850 2188	FETNDIS         (ecce54654a19f6cc5e526696680c1827) C:\Windows\system32\DRIVERS\fet6x64.sys
17:08:51.0897 2188	FETNDIS - ok
17:08:51.0944 2188	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:08:51.0959 2188	FileInfo - ok
17:08:51.0975 2188	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:08:52.0053 2188	Filetrace - ok
17:08:52.0100 2188	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:08:52.0116 2188	flpydisk - ok
17:08:52.0131 2188	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:08:52.0163 2188	FltMgr - ok
17:08:52.0225 2188	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:08:52.0303 2188	FontCache - ok
17:08:52.0366 2188	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:08:52.0381 2188	FontCache3.0.0.0 - ok
17:08:52.0397 2188	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:08:52.0413 2188	FsDepends - ok
17:08:52.0459 2188	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:08:52.0475 2188	Fs_Rec - ok
17:08:52.0516 2188	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:08:52.0545 2188	fvevol - ok
17:08:52.0570 2188	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
17:08:52.0585 2188	gagp30kx - ok
17:08:52.0623 2188	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:08:52.0633 2188	GEARAspiWDM - ok
17:08:52.0723 2188	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:08:52.0779 2188	gpsvc - ok
17:08:52.0833 2188	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:08:52.0883 2188	hcw85cir - ok
17:08:52.0953 2188	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:08:53.0017 2188	HdAudAddService - ok
17:08:53.0091 2188	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:08:53.0145 2188	HDAudBus - ok
17:08:53.0186 2188	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
17:08:53.0231 2188	HidBatt - ok
17:08:53.0271 2188	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
17:08:53.0325 2188	HidBth - ok
17:08:53.0373 2188	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
17:08:53.0391 2188	HidIr - ok
17:08:53.0421 2188	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:08:53.0506 2188	hidserv - ok
17:08:53.0538 2188	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:08:53.0551 2188	HidUsb - ok
17:08:53.0583 2188	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:08:53.0676 2188	hkmsvc - ok
17:08:53.0730 2188	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:08:53.0789 2188	HomeGroupListener - ok
17:08:53.0847 2188	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:08:53.0901 2188	HomeGroupProvider - ok
17:08:53.0950 2188	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:08:53.0964 2188	HpSAMD - ok
17:08:54.0027 2188	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:08:54.0116 2188	HTTP - ok
17:08:54.0154 2188	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:08:54.0168 2188	hwpolicy - ok
17:08:54.0205 2188	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:08:54.0220 2188	i8042prt - ok
17:08:54.0265 2188	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:08:54.0289 2188	iaStorV - ok
17:08:54.0325 2188	ICQ Service - ok
17:08:54.0394 2188	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:08:54.0427 2188	idsvc - ok
17:08:54.0453 2188	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
17:08:54.0467 2188	iirsp - ok
17:08:54.0521 2188	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:08:54.0611 2188	IKEEXT - ok
17:08:54.0792 2188	IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys
17:08:54.0886 2188	IntcAzAudAddService - ok
17:08:54.0980 2188	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:08:54.0996 2188	intelide - ok
17:08:55.0011 2188	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:08:55.0058 2188	intelppm - ok
17:08:55.0105 2188	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:08:55.0183 2188	IPBusEnum - ok
17:08:55.0230 2188	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:08:55.0261 2188	IpFilterDriver - ok
17:08:55.0308 2188	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:08:55.0386 2188	iphlpsvc - ok
17:08:55.0433 2188	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:08:55.0449 2188	IPMIDRV - ok
17:08:55.0464 2188	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:08:55.0542 2188	IPNAT - ok
17:08:55.0667 2188	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
17:08:55.0699 2188	iPod Service - ok
17:08:55.0730 2188	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:08:55.0777 2188	IRENUM - ok
17:08:55.0824 2188	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:08:55.0839 2188	isapnp - ok
17:08:55.0871 2188	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:08:55.0886 2188	iScsiPrt - ok
17:08:55.0917 2188	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:08:55.0933 2188	kbdclass - ok
17:08:55.0964 2188	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:08:56.0011 2188	kbdhid - ok
17:08:56.0058 2188	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:08:56.0074 2188	KeyIso - ok
17:08:56.0089 2188	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:08:56.0105 2188	KSecDD - ok
17:08:56.0121 2188	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:08:56.0152 2188	KSecPkg - ok
17:08:56.0167 2188	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:08:56.0262 2188	ksthunk - ok
17:08:56.0324 2188	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:08:56.0408 2188	KtmRm - ok
17:08:56.0501 2188	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:08:56.0581 2188	LanmanServer - ok
17:08:56.0629 2188	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:08:56.0708 2188	LanmanWorkstation - ok
17:08:56.0755 2188	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:08:56.0830 2188	lltdio - ok
17:08:56.0885 2188	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:08:56.0974 2188	lltdsvc - ok
17:08:57.0014 2188	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:08:57.0090 2188	lmhosts - ok
17:08:57.0144 2188	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
17:08:57.0161 2188	LSI_FC - ok
17:08:57.0196 2188	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
17:08:57.0211 2188	LSI_SAS - ok
17:08:57.0227 2188	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
17:08:57.0243 2188	LSI_SAS2 - ok
17:08:57.0258 2188	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
17:08:57.0274 2188	LSI_SCSI - ok
17:08:57.0290 2188	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:08:57.0369 2188	luafv - ok
17:08:57.0447 2188	LVUSBS64        (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\DRIVERS\LVUSBS64.sys
17:08:57.0447 2188	LVUSBS64 - ok
17:08:57.0478 2188	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:08:57.0556 2188	Mcx2Svc - ok
17:08:57.0775 2188	MDM             (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
17:08:57.0822 2188	MDM ( UnsignedFile.Multi.Generic ) - warning
17:08:57.0822 2188	MDM - detected UnsignedFile.Multi.Generic (1)
17:08:57.0869 2188	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
17:08:57.0884 2188	megasas - ok
17:08:57.0900 2188	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
17:08:57.0931 2188	MegaSR - ok
17:08:57.0978 2188	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:08:57.0994 2188	Microsoft Office Groove Audit Service - ok
17:08:58.0009 2188	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:08:58.0087 2188	MMCSS - ok
17:08:58.0134 2188	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:08:58.0197 2188	Modem - ok
17:08:58.0259 2188	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:08:58.0306 2188	monitor - ok
17:08:58.0353 2188	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:08:58.0369 2188	mouclass - ok
17:08:58.0384 2188	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:08:58.0431 2188	mouhid - ok
17:08:58.0478 2188	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:08:58.0494 2188	mountmgr - ok
17:08:58.0587 2188	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
17:08:58.0603 2188	MpFilter - ok
17:08:58.0634 2188	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:08:58.0650 2188	mpio - ok
17:08:58.0681 2188	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:08:58.0734 2188	mpsdrv - ok
17:08:58.0798 2188	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:08:58.0855 2188	MpsSvc - ok
17:08:58.0873 2188	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:08:58.0927 2188	MRxDAV - ok
17:08:58.0987 2188	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:08:59.0069 2188	mrxsmb - ok
17:08:59.0093 2188	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:08:59.0146 2188	mrxsmb10 - ok
17:08:59.0189 2188	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:08:59.0205 2188	mrxsmb20 - ok
17:08:59.0230 2188	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:08:59.0244 2188	msahci - ok
17:08:59.0264 2188	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:08:59.0281 2188	msdsm - ok
17:08:59.0315 2188	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:08:59.0365 2188	MSDTC - ok
17:08:59.0420 2188	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:08:59.0495 2188	Msfs - ok
17:08:59.0529 2188	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:08:59.0601 2188	mshidkmdf - ok
17:08:59.0638 2188	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:08:59.0652 2188	msisadrv - ok
17:08:59.0689 2188	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:08:59.0736 2188	MSiSCSI - ok
17:08:59.0742 2188	msiserver - ok
17:08:59.0775 2188	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:08:59.0853 2188	MSKSSRV - ok
17:08:59.0949 2188	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:08:59.0980 2188	MsMpSvc - ok
17:08:59.0996 2188	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:09:00.0089 2188	MSPCLOCK - ok
17:09:00.0136 2188	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:09:00.0199 2188	MSPQM - ok
17:09:00.0261 2188	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:09:00.0277 2188	MsRPC - ok
17:09:00.0308 2188	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:09:00.0324 2188	mssmbios - ok
17:09:00.0339 2188	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:09:00.0417 2188	MSTEE - ok
17:09:00.0449 2188	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
17:09:00.0464 2188	MTConfig - ok
17:09:00.0480 2188	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:09:00.0496 2188	Mup - ok
17:09:00.0542 2188	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:09:00.0636 2188	napagent - ok
17:09:00.0714 2188	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:09:00.0761 2188	NativeWifiP - ok
17:09:00.0855 2188	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:09:00.0886 2188	NDIS - ok
17:09:00.0917 2188	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:09:00.0996 2188	NdisCap - ok
17:09:01.0074 2188	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:09:01.0124 2188	NdisTapi - ok
17:09:01.0141 2188	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:09:01.0182 2188	Ndisuio - ok
17:09:01.0199 2188	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:09:01.0273 2188	NdisWan - ok
17:09:01.0321 2188	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:09:01.0392 2188	NDProxy - ok
17:09:01.0441 2188	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:09:01.0520 2188	NetBIOS - ok
17:09:01.0581 2188	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:09:01.0630 2188	NetBT - ok
17:09:01.0671 2188	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:09:01.0686 2188	Netlogon - ok
17:09:01.0735 2188	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:09:01.0820 2188	Netman - ok
17:09:01.0931 2188	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:09:01.0945 2188	NetMsmqActivator - ok
17:09:01.0958 2188	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:09:01.0972 2188	NetPipeActivator - ok
17:09:02.0018 2188	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:09:02.0103 2188	netprofm - ok
17:09:02.0223 2188	netr7364        (f3a1d8b7317939813568992d1bfdde37) C:\Windows\system32\DRIVERS\netr7364.sys
17:09:02.0259 2188	netr7364 - ok
17:09:02.0356 2188	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:09:02.0369 2188	NetTcpActivator - ok
17:09:02.0375 2188	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:09:02.0388 2188	NetTcpPortSharing - ok
17:09:02.0426 2188	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:09:02.0442 2188	nfrd960 - ok
17:09:02.0494 2188	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:09:02.0507 2188	NisDrv - ok
17:09:02.0564 2188	NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
17:09:02.0584 2188	NisSrv - ok
17:09:02.0618 2188	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:09:02.0700 2188	NlaSvc - ok
17:09:02.0724 2188	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:09:02.0767 2188	Npfs - ok
17:09:02.0786 2188	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:09:02.0865 2188	nsi - ok
17:09:02.0910 2188	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:09:02.0987 2188	nsiproxy - ok
17:09:03.0103 2188	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:09:03.0157 2188	Ntfs - ok
17:09:03.0241 2188	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:09:03.0315 2188	Null - ok
17:09:03.0986 2188	nvlddmkm        (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:09:04.0389 2188	nvlddmkm - ok
17:09:04.0499 2188	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:09:04.0534 2188	nvraid - ok
17:09:04.0552 2188	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:09:04.0570 2188	nvstor - ok
17:09:04.0596 2188	nvsvc           (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
17:09:04.0619 2188	nvsvc - ok
17:09:04.0645 2188	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:09:04.0674 2188	nv_agp - ok
17:09:04.0763 2188	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:09:04.0789 2188	odserv - ok
17:09:04.0816 2188	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:09:04.0865 2188	ohci1394 - ok
17:09:04.0921 2188	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:09:04.0935 2188	ose - ok
17:09:04.0977 2188	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:09:05.0034 2188	p2pimsvc - ok
17:09:05.0095 2188	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:09:05.0121 2188	p2psvc - ok
17:09:05.0154 2188	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:09:05.0203 2188	Parport - ok
17:09:05.0254 2188	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:09:05.0269 2188	partmgr - ok
17:09:05.0294 2188	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:09:05.0351 2188	PcaSvc - ok
17:09:05.0406 2188	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:09:05.0422 2188	pci - ok
17:09:05.0434 2188	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:09:05.0448 2188	pciide - ok
17:09:05.0466 2188	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:09:05.0485 2188	pcmcia - ok
17:09:05.0500 2188	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:09:05.0515 2188	pcw - ok
17:09:05.0552 2188	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:09:05.0637 2188	PEAUTH - ok
17:09:05.0745 2188	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:09:05.0821 2188	PeerDistSvc - ok
17:09:05.0902 2188	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:09:05.0917 2188	PerfHost - ok
17:09:06.0080 2188	Ph3xIB64        (1e81496aff9d7fa2b4c4032b746de5b9) C:\Windows\system32\DRIVERS\Ph3xIB64.sys
17:09:06.0159 2188	Ph3xIB64 - ok
17:09:06.0400 2188	PID_PEPI        (087a343dfc337f37723dd7912de6b6cd) C:\Windows\system32\DRIVERS\LV302V64.SYS
17:09:06.0473 2188	PID_PEPI - ok
17:09:06.0614 2188	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:09:06.0715 2188	pla - ok
17:09:06.0784 2188	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:09:06.0837 2188	PlugPlay - ok
17:09:06.0886 2188	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:09:06.0934 2188	PNRPAutoReg - ok
17:09:06.0985 2188	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:09:07.0004 2188	PNRPsvc - ok
17:09:07.0047 2188	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:09:07.0132 2188	PolicyAgent - ok
17:09:07.0192 2188	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:09:07.0276 2188	Power - ok
17:09:07.0354 2188	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:09:07.0432 2188	PptpMiniport - ok
17:09:07.0463 2188	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:09:07.0510 2188	Processor - ok
17:09:07.0573 2188	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:09:07.0651 2188	ProfSvc - ok
17:09:07.0823 2188	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:09:07.0838 2188	ProtectedStorage - ok
17:09:07.0870 2188	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:09:07.0948 2188	Psched - ok
17:09:08.0041 2188	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:09:08.0088 2188	ql2300 - ok
17:09:08.0182 2188	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:09:08.0198 2188	ql40xx - ok
17:09:08.0245 2188	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:09:08.0260 2188	QWAVE - ok
17:09:08.0276 2188	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:09:08.0338 2188	QWAVEdrv - ok
17:09:08.0370 2188	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:09:08.0416 2188	RasAcd - ok
17:09:08.0432 2188	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:09:08.0479 2188	RasAgileVpn - ok
17:09:08.0510 2188	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:09:08.0588 2188	RasAuto - ok
17:09:08.0620 2188	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:09:08.0666 2188	Rasl2tp - ok
17:09:08.0698 2188	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:09:08.0745 2188	RasMan - ok
17:09:08.0791 2188	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:09:08.0854 2188	RasPppoe - ok
17:09:08.0885 2188	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:09:08.0948 2188	RasSstp - ok
17:09:09.0010 2188	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:09:09.0088 2188	rdbss - ok
17:09:09.0120 2188	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:09:09.0135 2188	rdpbus - ok
17:09:09.0166 2188	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:09:09.0213 2188	RDPCDD - ok
17:09:09.0245 2188	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:09:09.0260 2188	RDPDR - ok
17:09:09.0276 2188	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:09:09.0354 2188	RDPENCDD - ok
17:09:09.0401 2188	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:09:09.0432 2188	RDPREFMP - ok
17:09:09.0479 2188	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:09:09.0541 2188	RDPWD - ok
17:09:09.0604 2188	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:09:09.0620 2188	rdyboost - ok
17:09:09.0651 2188	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:09:09.0729 2188	RemoteAccess - ok
17:09:09.0791 2188	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:09:09.0870 2188	RemoteRegistry - ok
17:09:09.0916 2188	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:09:09.0995 2188	RpcEptMapper - ok
17:09:10.0026 2188	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:09:10.0088 2188	RpcLocator - ok
17:09:10.0151 2188	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:09:10.0198 2188	RpcSs - ok
17:09:10.0229 2188	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:09:10.0276 2188	rspndr - ok
17:09:10.0291 2188	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:09:10.0338 2188	s3cap - ok
17:09:10.0402 2188	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:09:10.0417 2188	SamSs - ok
17:09:10.0433 2188	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:09:10.0449 2188	sbp2port - ok
17:09:10.0480 2188	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:09:10.0527 2188	SCardSvr - ok
17:09:10.0542 2188	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:09:10.0621 2188	scfilter - ok
17:09:10.0714 2188	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:09:10.0808 2188	Schedule - ok
17:09:10.0855 2188	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:09:10.0902 2188	SCPolicySvc - ok
17:09:10.0933 2188	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:09:10.0980 2188	SDRSVC - ok
17:09:11.0058 2188	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:09:11.0136 2188	secdrv - ok
17:09:11.0183 2188	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:09:11.0214 2188	seclogon - ok
17:09:11.0230 2188	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:09:11.0308 2188	SENS - ok
17:09:11.0324 2188	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:09:11.0355 2188	SensrSvc - ok
17:09:11.0402 2188	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:09:11.0464 2188	Serenum - ok
17:09:11.0496 2188	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:09:11.0574 2188	Serial - ok
17:09:11.0605 2188	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:09:11.0667 2188	sermouse - ok
17:09:11.0730 2188	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:09:11.0808 2188	SessionEnv - ok
17:09:11.0855 2188	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:09:11.0902 2188	sffdisk - ok
17:09:11.0949 2188	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:09:11.0996 2188	sffp_mmc - ok
17:09:12.0011 2188	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:09:12.0027 2188	sffp_sd - ok
17:09:12.0074 2188	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:09:12.0121 2188	sfloppy - ok
17:09:12.0167 2188	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:09:12.0261 2188	SharedAccess - ok
17:09:12.0324 2188	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:09:12.0402 2188	ShellHWDetection - ok
17:09:12.0449 2188	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:09:12.0464 2188	SiSRaid2 - ok
17:09:12.0496 2188	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:09:12.0511 2188	SiSRaid4 - ok
17:09:12.0609 2188	SkypeUpdate     (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:09:12.0624 2188	SkypeUpdate - ok
17:09:12.0660 2188	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:09:12.0736 2188	Smb - ok
17:09:12.0776 2188	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:09:12.0824 2188	SNMPTRAP - ok
17:09:12.0877 2188	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:09:12.0891 2188	spldr - ok
17:09:12.0925 2188	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:09:12.0977 2188	Spooler - ok
17:09:13.0132 2188	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:09:13.0276 2188	sppsvc - ok
17:09:13.0376 2188	sppuinotify     (0133de7bb39f869975d8af4bc9f0b0db) C:\Windows\system32\sppuinotify.dll
17:09:13.0416 2188	sppuinotify ( UnsignedFile.Multi.Generic ) - warning
17:09:13.0416 2188	sppuinotify - detected UnsignedFile.Multi.Generic (1)
17:09:13.0499 2188	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:09:13.0583 2188	srv - ok
17:09:13.0615 2188	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:09:13.0677 2188	srv2 - ok
17:09:13.0724 2188	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:09:13.0755 2188	srvnet - ok
17:09:13.0787 2188	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:09:13.0849 2188	SSDPSRV - ok
17:09:13.0865 2188	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:09:13.0912 2188	SstpSvc - ok
17:09:13.0927 2188	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:09:13.0943 2188	stexstor - ok
17:09:14.0005 2188	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:09:14.0037 2188	stisvc - ok
17:09:14.0068 2188	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:09:14.0083 2188	storflt - ok
17:09:14.0099 2188	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:09:14.0146 2188	StorSvc - ok
17:09:14.0193 2188	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:09:14.0208 2188	storvsc - ok
17:09:14.0240 2188	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:09:14.0255 2188	swenum - ok
17:09:14.0302 2188	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:09:14.0397 2188	swprv - ok
17:09:14.0506 2188	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:09:14.0600 2188	SysMain - ok
17:09:14.0694 2188	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:09:14.0756 2188	TabletInputService - ok
17:09:14.0803 2188	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:09:14.0897 2188	TapiSrv - ok
17:09:14.0928 2188	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:09:14.0997 2188	TBS - ok
17:09:15.0128 2188	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:09:15.0189 2188	Tcpip - ok
17:09:15.0370 2188	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:09:15.0418 2188	TCPIP6 - ok
17:09:15.0514 2188	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:09:15.0556 2188	tcpipreg - ok
17:09:15.0573 2188	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:09:15.0622 2188	TDPIPE - ok
17:09:15.0682 2188	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:09:15.0733 2188	TDTCP - ok
17:09:15.0779 2188	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:09:15.0820 2188	tdx - ok
17:09:15.0844 2188	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
17:09:15.0859 2188	TermDD - ok
17:09:15.0913 2188	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:09:16.0000 2188	TermService - ok
17:09:16.0039 2188	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:09:16.0062 2188	Themes - ok
17:09:16.0116 2188	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:09:16.0147 2188	THREADORDER - ok
17:09:16.0163 2188	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:09:16.0241 2188	TrkWks - ok
17:09:16.0303 2188	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:09:16.0381 2188	TrustedInstaller - ok
17:09:16.0446 2188	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:09:16.0520 2188	tssecsrv - ok
17:09:16.0565 2188	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:09:16.0610 2188	TsUsbFlt - ok
17:09:16.0664 2188	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:09:16.0711 2188	TsUsbGD - ok
17:09:16.0765 2188	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:09:16.0839 2188	tunnel - ok
17:09:16.0880 2188	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:09:16.0895 2188	uagp35 - ok
17:09:16.0920 2188	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:09:17.0003 2188	udfs - ok
17:09:17.0056 2188	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:09:17.0106 2188	UI0Detect - ok
17:09:17.0151 2188	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:09:17.0166 2188	uliagpkx - ok
17:09:17.0192 2188	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:09:17.0237 2188	umbus - ok
17:09:17.0272 2188	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:09:17.0322 2188	UmPass - ok
17:09:17.0380 2188	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:09:17.0433 2188	UmRdpService - ok
17:09:17.0500 2188	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:09:17.0575 2188	upnphost - ok
17:09:17.0653 2188	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
17:09:17.0653 2188	USBAAPL64 - ok
17:09:17.0700 2188	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:09:17.0762 2188	usbaudio - ok
17:09:17.0809 2188	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:09:17.0856 2188	usbccgp - ok
17:09:17.0934 2188	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:09:17.0965 2188	usbcir - ok
17:09:17.0981 2188	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:09:18.0043 2188	usbehci - ok
17:09:18.0106 2188	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:09:18.0168 2188	usbhub - ok
17:09:18.0215 2188	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:09:18.0262 2188	usbohci - ok
17:09:18.0309 2188	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:09:18.0356 2188	usbprint - ok
17:09:18.0418 2188	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:09:18.0435 2188	usbscan - ok
17:09:18.0451 2188	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:09:18.0513 2188	USBSTOR - ok
17:09:18.0560 2188	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
17:09:18.0607 2188	usbuhci - ok
17:09:18.0654 2188	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:09:18.0732 2188	UxSms - ok
17:09:18.0779 2188	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:09:18.0810 2188	VaultSvc - ok
17:09:18.0826 2188	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:09:18.0841 2188	vdrvroot - ok
17:09:18.0888 2188	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:09:18.0982 2188	vds - ok
17:09:18.0998 2188	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:09:19.0013 2188	vga - ok
17:09:19.0029 2188	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:09:19.0123 2188	VgaSave - ok
17:09:19.0185 2188	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:09:19.0201 2188	vhdmp - ok
17:09:19.0216 2188	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:09:19.0232 2188	viaide - ok
17:09:19.0263 2188	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:09:19.0279 2188	vmbus - ok
17:09:19.0294 2188	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:09:19.0341 2188	VMBusHID - ok
17:09:19.0388 2188	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:09:19.0404 2188	volmgr - ok
17:09:19.0419 2188	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:09:19.0451 2188	volmgrx - ok
17:09:19.0466 2188	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:09:19.0498 2188	volsnap - ok
17:09:19.0529 2188	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:09:19.0544 2188	vsmraid - ok
17:09:19.0638 2188	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:09:19.0748 2188	VSS - ok
17:09:19.0873 2188	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:09:19.0940 2188	vwifibus - ok
17:09:19.0989 2188	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:09:20.0044 2188	vwififlt - ok
17:09:20.0115 2188	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:09:20.0165 2188	W32Time - ok
17:09:20.0189 2188	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:09:20.0240 2188	WacomPen - ok
17:09:20.0293 2188	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:20.0371 2188	WANARP - ok
17:09:20.0375 2188	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:20.0417 2188	Wanarpv6 - ok
17:09:20.0521 2188	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:09:20.0605 2188	wbengine - ok
17:09:20.0725 2188	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:09:20.0750 2188	WbioSrvc - ok
17:09:20.0784 2188	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:09:20.0848 2188	wcncsvc - ok
17:09:20.0891 2188	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:09:20.0945 2188	WcsPlugInService - ok
17:09:21.0027 2188	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:09:21.0042 2188	Wd - ok
17:09:21.0084 2188	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:09:21.0117 2188	Wdf01000 - ok
17:09:21.0133 2188	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:09:21.0192 2188	WdiServiceHost - ok
17:09:21.0197 2188	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:09:21.0221 2188	WdiSystemHost - ok
17:09:21.0274 2188	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:09:21.0333 2188	WebClient - ok
17:09:21.0382 2188	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:09:21.0473 2188	Wecsvc - ok
17:09:21.0530 2188	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:09:21.0611 2188	wercplsupport - ok
17:09:21.0665 2188	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:09:21.0710 2188	WerSvc - ok
17:09:21.0763 2188	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:09:21.0809 2188	WfpLwf - ok
17:09:21.0824 2188	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:09:21.0838 2188	WIMMount - ok
17:09:21.0863 2188	WinDefend - ok
17:09:21.0880 2188	WinHttpAutoProxySvc - ok
17:09:21.0934 2188	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:09:21.0980 2188	Winmgmt - ok
17:09:22.0083 2188	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:09:22.0166 2188	WinRM - ok
17:09:22.0288 2188	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:09:22.0341 2188	WinUsb - ok
17:09:22.0425 2188	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:09:22.0504 2188	Wlansvc - ok
17:09:22.0692 2188	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:09:22.0770 2188	wlidsvc - ok
17:09:22.0864 2188	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:09:22.0914 2188	WmiAcpi - ok
17:09:22.0994 2188	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:09:23.0043 2188	wmiApSrv - ok
17:09:23.0099 2188	WMPNetworkSvc - ok
17:09:23.0132 2188	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:09:23.0151 2188	WPCSvc - ok
17:09:23.0169 2188	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:09:23.0190 2188	WPDBusEnum - ok
17:09:23.0210 2188	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:09:23.0257 2188	ws2ifsl - ok
17:09:23.0279 2188	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:09:23.0339 2188	wscsvc - ok
17:09:23.0345 2188	WSearch - ok
17:09:23.0503 2188	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:09:23.0644 2188	wuauserv - ok
17:09:23.0760 2188	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:09:23.0839 2188	WudfPf - ok
17:09:23.0907 2188	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:09:23.0986 2188	WUDFRd - ok
17:09:24.0037 2188	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:09:24.0082 2188	wudfsvc - ok
17:09:24.0106 2188	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:09:24.0169 2188	WwanSvc - ok
17:09:24.0229 2188	XUIF            (6533f30045b0a234783bd8b4069f0433) C:\Windows\system32\Drivers\x10ufx2.sys
17:09:24.0240 2188	XUIF - ok
17:09:24.0274 2188	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:09:24.0574 2188	\Device\Harddisk0\DR0 - ok
17:09:24.0590 2188	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:09:24.0781 2188	\Device\Harddisk1\DR1 - ok
17:09:24.0797 2188	Boot (0x1200)   (3af40ddd656519f3921e9bfec0cb5ac4) \Device\Harddisk0\DR0\Partition0
17:09:24.0799 2188	\Device\Harddisk0\DR0\Partition0 - ok
17:09:24.0839 2188	Boot (0x1200)   (42ed40d4c1fcf1d46d903742dbaec244) \Device\Harddisk0\DR0\Partition1
17:09:24.0841 2188	\Device\Harddisk0\DR0\Partition1 - ok
17:09:24.0846 2188	Boot (0x1200)   (6ec4fa24330f6308a8352bc4965aeecf) \Device\Harddisk1\DR1\Partition0
17:09:24.0847 2188	\Device\Harddisk1\DR1\Partition0 - ok
17:09:24.0850 2188	============================================================
17:09:24.0850 2188	Scan finished
17:09:24.0850 2188	============================================================
17:09:24.0874 2236	Detected object count: 2
17:09:24.0874 2236	Actual detected object count: 2
17:09:41.0721 2236	MDM ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:41.0721 2236	MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:09:41.0737 2236	sppuinotify ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:41.0737 2236	sppuinotify ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 30.05.2012, 16:11   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.05.2012, 16:45   #15
Einequalle
 
Musik Trojaner auf Win7 - Standard

Musik Trojaner auf Win7



[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-05-30.03 - *** 30.05.2012  17:27:34.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3070.2009 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Local\lame_enc.dll
c:\users\***\AppData\Local\no23xwrapper.dll
c:\users\***\AppData\Local\ogg.dll
c:\users\***\AppData\Local\vorbis.dll
c:\users\***\AppData\Local\vorbisenc.dll
c:\users\***\AppData\Local\vorbisfile.dll
F:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-28 bis 2012-05-30  ))))))))))))))))))))))))))))))
.
.
2012-05-30 13:43 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2825002-E6F4-46FC-A9EE-E7ED8C5B85AC}\mpengine.dll
2012-05-30 13:22 . 2012-05-30 13:22	--------	d-----w-	C:\_OTL
2012-05-29 12:44 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-26 22:25 . 2012-05-26 22:25	--------	d-----w-	c:\program files (x86)\ESET
2012-05-23 11:02 . 2012-05-23 11:02	--------	d-----w-	c:\program files (x86)\7-Zip
2012-05-22 20:30 . 2012-05-22 20:30	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-05-22 20:28 . 2012-05-22 20:28	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-22 20:28 . 2012-05-22 20:28	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-22 20:28 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-17 19:55 . 2012-05-17 19:55	--------	d-----w-	c:\users\***\AppData\Local\SmoothDraw
2012-05-14 17:16 . 2012-05-14 17:16	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-14 17:16 . 2012-05-14 17:16	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-10 14:04 . 2012-03-03 06:35	1544704	----a-w-	c:\windows\system32\DWrite.dll
2012-05-10 14:04 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-05-10 14:04 . 2012-03-31 06:05	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-10 14:04 . 2012-03-31 03:10	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-05-10 14:04 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 14:04 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 14:04 . 2012-03-17 07:58	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-10 14:03 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-10 14:03 . 2012-03-31 05:42	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 14:03 . 2012-03-31 05:40	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 14:03 . 2012-03-31 05:40	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 14:03 . 2012-03-31 05:40	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 14:03 . 2012-03-31 04:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 23:37 . 2012-04-05 11:14	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 23:37 . 2011-11-03 18:44	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 23:37 . 2012-04-05 11:37	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-20 18:44 . 2011-04-27 14:25	98688	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2011-04-18 12:18	203888	----a-w-	c:\windows\system32\drivers\MpFilter.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2010-08-14 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-11-04 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-11-04 . 0A8910F85D554ADB5C7F5B157FEE8622 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:37]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295342631-741372405-1075544715-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-05 16:43]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295342631-741372405-1075544715-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-05 16:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tb4dm1my.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-30  17:37:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-30 15:37
.
Vor Suchlauf: 8 Verzeichnis(se), 361.466.007.552 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 361.067.720.704 Bytes frei
.
- - End Of File - - 75FE3F0204861CB4BBCE209CBA98460A
         
--- --- ---

Antwort

Themen zu Musik Trojaner auf Win7
acrobat update, bluescreen, dateisystem, google earth, heuristiks/extra, heuristiks/shuriken, malwarebytes, microsoft security, schlachtenmusik trojaner, shut down, trojaner, windows 7 64 bit, windows 7 64 bit professional, windows 7 64bit professional



Ähnliche Themen: Musik Trojaner auf Win7


  1. Div. Bluescreens bei Win7 und Win7-Installation nach durchgeb. Netzteil
    Alles rund um Windows - 24.11.2013 (8)
  2. Musik und Filme nach BKA-Trojaner verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 12.07.2013 (29)
  3. Musik im Hintergrund wenn Browser offen ist WIN7
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (19)
  4. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  5. AKM 100€ für illegale Musik Trojaner
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (8)
  6. Ordner bei Eigener Musik verschwinden(musik ist dennoch da)[windows 7]
    Alles rund um Windows - 19.10.2011 (13)
  7. Alle Dateien (Fotos und Musik) sind nicht mehr abrufbar, nachdem Virus gefunden wurde (Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 17.10.2011 (31)
  8. Antivir entdeckt Trojaner, unerwünsche Musik läuft!
    Plagegeister aller Art und deren Bekämpfung - 05.08.2011 (5)
  9. Ist Win7 Starter genau so sicher wie das normale Win7?
    Alles rund um Windows - 28.07.2011 (2)
  10. Virus oder Trojaner eingefangen? Musik läuft im Hintergrund!
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (1)
  11. seltsame Musik im Browser Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 11.08.2010 (12)
  12. Musik und Geräusche
    Plagegeister aller Art und deren Bekämpfung - 10.08.2010 (15)
  13. Musik-Problem
    Plagegeister aller Art und deren Bekämpfung - 08.08.2010 (31)
  14. ¿Virus oder Trojaner? - Musik startet / Mausklick im Hintergrund
    Plagegeister aller Art und deren Bekämpfung - 01.08.2010 (1)
  15. Musik aus dem off/ Offenbar Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.07.2010 (17)
  16. Trojaner der Musik / Internetradio abspielt?
    Plagegeister aller Art und deren Bekämpfung - 02.07.2010 (4)
  17. Ein Trojaner der Musik / Internetradio abspielt?
    Plagegeister aller Art und deren Bekämpfung - 10.06.2010 (0)

Zum Thema Musik Trojaner auf Win7 - Guten Tag, Ich habe gestern zum ersten Mal festgestellt, dass Musik aus dem Lautsprecher heraustönt. Es war Schlachtmusik, welche mich sehr irritiert hat. Zunächst habe ich meinen PC nach der - Musik Trojaner auf Win7...
Archiv
Du betrachtest: Musik Trojaner auf Win7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.