Music in the background when the browser is open WIN7 (Windows 7)
13.03.2013, 18:16 | #1

txea | Music in the background when the browser is open WIN7

Hello dear community,

I suspect that my computer is infected with a virus, because via the search function I found a user who had the same or a similar problem (http://www.trojaner-board.de/124178-...-platinum.html). What happens is that strange music or an advert for a Lamborghini always plays in the background as soon as I open a browser. It doesn't matter whether it is Firefox, IE, Chrome or Opera. It all started about 4 days ago when I downloaded something from thepiratebay. I myself know nothing at all about viruses or the like. I would be really grateful for your help!!

Kind regards
txea

Edit: I have now run a few things, which I have attached (I can't attach the OTL log; it tells me it is too big at 102 KB).

Edited by txea (13.03.2013 at 19:00)
13.03.2013, 19:15 | #2

TB-Ausbilder | Music in the background when the browser is open WIN7

Hello txea,

Quote:

What exactly did you download there? (If illegal software is present, we stop support here.)

Quote:
13.03.2013, 19:41 | #3

txea | Music in the background when the browser is open WIN7

I don't know what it was. A user I play an online game with said I should download it and tell him what I think of it. He sent me the link, I downloaded it and opened it, but nothing happened. I didn't know that site, so I didn't know it could be harmful to my PC.

Code:
OTL logfile created on: 13.03.2013 18:46:36 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JEEZY\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 34,09% Memory free 6,98 Gb Paging File | 4,27 Gb Available in Paging File | 61,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,53 Gb Total Space | 10,48 Gb Free Space | 17,61% Space Free | Partition Type: NTFS Drive D: | 1397,26 Gb Total Space | 1273,62 Gb Free Space | 91,15% Space Free | Partition Type: NTFS Computer Name: JEEZY1 | User Name: JEEZY | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.13 18:40:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JEEZY\Desktop\OTL.exe PRC - [2013.03.09 15:33:09 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe PRC - [2013.03.08 18:47:49 | 000,917,400 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013.02.23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe PRC - [2013.02.23 02:33:26 | 000,389,928 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe PRC - [2013.02.23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2013.02.21 19:48:23 | 000,213,384 | ---- | M] (Google Inc.) 
-- C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2013.02.15 17:23:57 | 000,879,456 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe PRC - [2012.12.17 11:39:02 | 000,615,440 | ---- | M] () -- D:\Program Files\EslWire\service\WireHelperSvc.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.09.05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- D:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) 
-- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.03.02 15:28:56 | 000,361,216 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.12.20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe ========== Modules (No Company Name) ========== MOD - [2013.03.09 15:33:08 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2013.03.08 18:47:49 | 003,069,848 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013.02.15 17:23:59 | 000,835,584 | ---- | M] () -- C:\Programme\Opera\gstreamer\gstreamer.dll MOD - [2013.02.15 17:23:59 | 000,312,832 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2013.02.15 17:23:59 | 000,158,208 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2013.02.15 17:23:59 | 000,101,888 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2013.02.15 17:23:59 | 000,096,256 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2013.02.15 17:23:59 | 000,094,208 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2013.02.15 17:23:59 | 000,093,696 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2013.02.15 17:23:59 | 000,073,728 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2013.02.15 17:23:59 | 000,067,072 | ---- | M] () -- 
C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2013.02.15 17:23:59 | 000,062,976 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2013.02.15 17:23:59 | 000,057,344 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2013.02.15 17:23:59 | 000,038,912 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- D:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- D:\Program Files\ROCCAT\Kone[+] Mouse\hiddriver.dll ========== Services (SafeList) ========== SRV - [2013.03.09 15:33:09 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2013.02.23 02:33:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2013.02.23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) 
[Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2013.02.22 02:54:48 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService) SRV - [2013.02.16 01:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.17 11:39:02 | 000,615,440 | ---- | M] () [Auto | Running] -- D:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.03.09 18:06:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.09.05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.08.07 22:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.02 15:28:56 | 000,361,216 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe -- (AVP) SRV - [2010.12.20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM106.sys -- (USBMULCD) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\JEEZY\AppData\Local\Temp\fwldypow.sys -- (fwldypow) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2013.02.22 02:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6) DRV - [2013.02.22 02:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6) DRV - [2012.12.17 11:38:54 | 000,867,344 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.04.08 02:51:30 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) DRV - [2012.04.06 19:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2011.11.06 03:06:37 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011.08.03 09:58:14 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESLvnic.sys -- (ESLvnic1) DRV - [2011.06.02 10:32:50 | 000,317,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci) DRV - [2011.06.02 10:32:50 | 000,101,352 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3) DRV - [2011.03.03 16:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | 
On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) DRV - [2010.07.01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2010.01.14 21:27:02 | 000,025,376 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (VLAN) DRV - [2010.01.14 21:27:02 | 000,025,376 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) DRV - [2010.01.14 21:26:46 | 000,040,736 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) DRV - [2010.01.14 21:26:46 | 000,040,736 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) DRV - [2010.01.14 21:26:34 | 000,033,056 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60) DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=114026&tt=0113_6&babsrc=HP_ss&mntrId=6ee7012200000000000000ff5ef94524 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 36 37 4F F0 9B CC 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114026&tt=0113_6&babsrc=SP_ss&mntrId=6ee7012200000000000000ff5ef94524 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.5&q=" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.5 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7 FF - 
prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4 FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:0.7.1.1 FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..network.proxy.type: 2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.03.08 18:47:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\extensions\firejump@firejump.net [2012.05.05 10:39:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.03.08 18:47:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.11.05 20:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Extensions [2013.03.06 18:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions [2012.07.27 05:34:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.05.05 10:39:55 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions\firejump@firejump.net [2013.03.06 18:05:33 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions\ich@maltegoetz.de [2013.02.23 09:37:18 | 000,000,000 | ---D | M] (WEB.DE MailCheck) 
-- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions\toolbar@web.de [2012.11.02 14:56:01 | 000,077,464 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\ciuvo-extension@billiger.de.xpi [2012.08.26 18:58:28 | 000,101,863 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\ciuvo-extension@icq.de.xpi [2012.12.30 19:54:44 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2013.02.20 16:59:09 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2013.01.04 01:01:31 | 000,002,432 | ---- | M] () -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\searchplugins\babylon1.xml [2013.03.11 17:57:09 | 000,000,950 | ---- | M] () -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\searchplugins\icqplugin-1.xml [2012.12.28 18:07:17 | 000,001,056 | ---- | M] () -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\searchplugins\icqplugin.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome 
Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Google Docs = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\JEEZY\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.10.06 08:09:09 | 000,001,297 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.info # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) 
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [RoccatKone+] D:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [speedvid] C:\Programme\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe (SpeedVID Accelerator)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\JEEZY\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] D:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Irsacu] C:\Users\JEEZY\AppData\Roaming\Doelna\zaesw.exe File not found
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JEEZY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\ie_banner_deny.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EF94524-B58F-4D8C-AEA3-40728AEDA34B}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7072BE6F-DBB1-44D3-B0BB-C77C59CD5E1D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\kloehk.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.13 18:40:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JEEZY\Desktop\OTL.exe
[2013.03.13 18:33:54 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Roaming\Malwarebytes
[2013.03.13 18:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.13 18:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.13 18:33:33 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.13 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Roaming\Hotspot Shield
[2013.03.13 06:20:17 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{848EEA9D-93E2-43B9-9066-7E75167CACD3}
[2013.03.12 16:58:51 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{32E2F4BE-C239-4610-90D5-DB1C2B5192F5}
[2013.03.11 17:42:28 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{B6D04BA0-AFD9-49C5-BF6C-1027C06748DC}
[2013.03.10 18:20:29 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{282767F1-8AD9-4C73-8EBB-2D15A43576FF}
[2013.03.10 04:52:03 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{5479D843-A6C6-499F-B831-8439DC0343F0}
[2013.03.09 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\Documents\ManiaPlanet
[2013.03.09 17:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet
[2013.03.09 16:24:21 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\Macromedia
[2013.03.09 15:32:34 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\Documents\My Games
[2013.03.09 08:58:48 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{13270695-25BD-405A-8774-D38B516E5E83}
[2013.03.08 18:45:49 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{59F27150-C4D8-4104-AA02-4031C255E7E1}
[2013.03.08 06:45:26 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{D6844212-8BAC-4CC2-9735-62A8FBCC5ADB}
[2013.03.07 15:41:37 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{08EDF804-C6F4-4E91-B1B7-FEB2A8868967}
[2013.03.06 17:57:59 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{BE657D5D-9BF8-48B4-8EDF-F2EA353F52E6}
[2013.03.05 16:59:21 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{62AC2EA0-53FD-4737-A63A-2D3CBC2D942C}
[2013.03.04 12:36:33 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN
[2013.03.04 12:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\PrivitizeVPN
[2013.03.04 07:37:00 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{EF5457BC-169F-4FBC-BC84-B55AF0D3121C}
[2013.03.03 08:24:48 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{F619A86A-58C1-4349-BB29-2E1279B144AC}
[2013.03.02 18:56:13 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\Desktop\xyyy
[2013.03.02 08:28:39 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{088675A9-A353-4668-9545-4C9F27DDA4DE}
[2013.03.01 08:35:24 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{B7476F08-1590-4474-88D9-6B982928F6E2}
[2013.02.28 19:41:13 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{42A4BC10-74EB-45B6-94AE-7C2F6A1C732E}
[2013.02.27 18:40:43 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{34A76B59-87F8-4BFB-B7F4-A8488C42C72E}
[2013.02.27 06:40:19 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{E4C6DE94-3463-445E-954C-08ACC884A93D}
[2013.02.26 07:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.26 07:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.26 07:54:05 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{038F85B3-0437-4E06-A222-A427311832A9}
[2013.02.25 06:50:39 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{91906DC9-2545-42C0-B135-DB8C6D331F1D}
[2013.02.24 08:10:29 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{91FC1C01-7701-4E05-B87C-DD532124857E}
[2013.02.23 09:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.23 09:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.02.23 09:17:38 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{F851713B-47CA-4933-8BAC-BC98712AC615}
[2013.02.22 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{D49FBA95-891A-425D-8B57-63AC5E26B008}
[2013.02.22 02:50:36 | 000,037,064 | ---- | C] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys
[2013.02.22 02:37:16 | 000,040,136 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2013.02.21 19:38:40 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{343FEAC0-1A8E-41B8-BE61-363F91E05904}
[2013.02.20 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{FA038185-FBE0-49E2-9F3D-FA589DDA95D3}
[2013.02.19 16:57:59 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{6A946F5A-10A0-4379-B8F1-1F78BA520192}
[2013.02.18 18:39:02 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{DAA566C7-8CFD-4C08-B3BE-CBC73A0856BB}
[2013.02.17 16:57:12 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{3E84B599-8ABD-45BA-AB21-FCC2C4A37270}
[2013.02.16 08:36:12 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{324900D5-BD35-480C-B97B-89D6B0664098}
[2013.02.15 08:35:33 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{A40328DD-F743-4E8B-AE67-1EB46DEAB0E3}
[2013.02.14 09:09:16 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{4A30E1E7-47CC-4690-84D7-725D630FA3B6}
[2013.02.13 10:18:21 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{96CE90C5-7938-475F-BC15-5DCA1769F815}
[2013.02.12 07:46:55 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{54A83F81-6F4F-4FC3-AD56-5B4FB5BC60E2}

========== Files - Modified Within 30 Days ==========

[2013.03.13 18:40:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JEEZY\Desktop\OTL.exe
[2013.03.13 18:33:34 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.13 18:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.13 17:53:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.13 17:07:30 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 17:07:30 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 17:05:00 | 007,894,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.13 17:05:00 | 002,732,056 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.13 17:05:00 | 002,378,514 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.13 17:05:00 | 002,126,820 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.13 16:59:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.13 16:59:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 16:59:12 | 2810,097,664 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.12 19:36:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1221864313-813813898-1403309165-1000UA.job
[2013.03.11 20:35:38 | 000,082,828 | ---- | M] () -- C:\Users\JEEZY\Desktop\258612_10200208895244234_1837282503_o.jpg
[2013.03.09 16:52:12 | 000,000,216 | ---- | M] () -- C:\Users\JEEZY\Desktop\TrackMania Stadium Open Beta.url
[2013.03.09 16:36:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1221864313-813813898-1403309165-1000Core.job
[2013.03.09 10:38:29 | 000,001,278 | ---- | M] () -- C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.03.05 17:54:06 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.04 11:28:18 | 000,019,985 | ---- | M] () -- C:\Users\JEEZY\Desktop\581040_606049756076002_496179024_n.jpg
[2013.03.03 10:44:43 | 000,362,063 | ---- | M] () -- C:\Users\JEEZY\Desktop\322763_3035941936707_1353384534_o.jpg
[2013.03.03 10:27:32 | 000,076,290 | ---- | M] () -- C:\Users\JEEZY\Desktop\theaestheticscrewlogo1.jpg
[2013.02.26 16:34:22 | 000,013,359 | ---- | M] () -- C:\Users\JEEZY\Desktop\coco chanel logo.jpg
[2013.02.26 16:32:03 | 000,004,304 | ---- | M] () -- C:\Users\JEEZY\Desktop\bvlgari_logo.jpg
[2013.02.26 16:22:41 | 000,007,573 | ---- | M] () -- C:\Users\JEEZY\Desktop\Louis-Vuitton-logo.jpg
[2013.02.26 16:19:13 | 000,007,185 | ---- | M] () -- C:\Users\JEEZY\Desktop\Yves-Saint-Laurent-Logo.jpeg
[2013.02.26 16:15:23 | 000,014,462 | ---- | M] () -- C:\Users\JEEZY\Desktop\46550_473544462676915_1975152977_n.jpg
[2013.02.23 09:37:02 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.22 02:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys
[2013.02.22 02:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2013.02.14 17:53:45 | 029,241,680 | ---- | M] () -- C:\Users\JEEZY\ts3_recording_13_02_14_17_51_12.wav
[2013.02.14 16:53:48 | 008,559,440 | ---- | M] () -- C:\Users\JEEZY\one direction what makes you beautiful.wav
[2013.02.13 15:35:38 | 000,269,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.03.13 18:33:34 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.11 20:35:38 | 000,082,828 | ---- | C] () -- C:\Users\JEEZY\Desktop\258612_10200208895244234_1837282503_o.jpg
[2013.03.09 16:52:12 | 000,000,216 | ---- | C] () -- C:\Users\JEEZY\Desktop\TrackMania Stadium Open Beta.url
[2013.03.09 15:33:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.04 11:28:16 | 000,019,985 | ---- | C] () -- C:\Users\JEEZY\Desktop\581040_606049756076002_496179024_n.jpg
[2013.03.03 10:44:43 | 000,362,063 | ---- | C] () -- C:\Users\JEEZY\Desktop\322763_3035941936707_1353384534_o.jpg
[2013.03.03 10:27:31 | 000,076,290 | ---- | C] () -- C:\Users\JEEZY\Desktop\theaestheticscrewlogo1.jpg
[2013.02.26 16:34:21 | 000,013,359 | ---- | C] () -- C:\Users\JEEZY\Desktop\coco chanel logo.jpg
[2013.02.26 16:32:02 | 000,004,304 | ---- | C] () -- C:\Users\JEEZY\Desktop\bvlgari_logo.jpg
[2013.02.26 16:22:40 | 000,007,573 | ---- | C] () -- C:\Users\JEEZY\Desktop\Louis-Vuitton-logo.jpg
[2013.02.26 16:19:13 | 000,007,185 | ---- | C] () -- C:\Users\JEEZY\Desktop\Yves-Saint-Laurent-Logo.jpeg
[2013.02.26 16:15:21 | 000,014,462 | ---- | C] () -- C:\Users\JEEZY\Desktop\46550_473544462676915_1975152977_n.jpg
[2013.02.23 09:37:02 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.23 09:37:02 | 000,000,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.14 17:51:13 | 029,241,680 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_13_02_14_17_51_12.wav
[2013.02.14 16:53:02 | 008,559,440 | ---- | C] () -- C:\Users\JEEZY\one direction what makes you beautiful.wav
[2012.11.25 13:55:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.11.18 03:01:11 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.10.12 14:24:53 | 000,944,720 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_10_12_15_24_50.wav
[2012.10.11 19:31:18 | 079,175,120 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_10_11_20_31_10.wav
[2012.08.15 20:48:17 | 038,559,440 | ---- | C] () -- C:\Users\JEEZY\meilenstein nilson.wav
[2012.07.13 21:40:35 | 117,982,160 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_07_13_22_40_33.wav
[2012.07.10 19:26:29 | 000,005,120 | ---- | C] () -- C:\Users\JEEZY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.01 17:47:15 | 006,754,640 | ---- | C] () -- C:\Users\JEEZY\LORUS.wav
[2012.06.21 22:12:40 | 013,499,600 | ---- | C] () -- C:\Users\JEEZY\snt.wav
[2012.04.24 16:04:48 | 000,716,240 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_24_17_4_47.wav
[2012.04.13 17:29:25 | 000,612,560 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_13_18_29_23.wav
[2012.04.12 22:16:55 | 001,036,880 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_12_23_16_54.wav
[2012.04.09 20:03:07 | 023,005,520 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_09_21_3_5.wav
[2012.03.11 16:38:16 | 044,995,280 | ---- | C] () -- C:\Users\JEEZY\singen.wav
[2012.02.20 19:59:46 | 001,772,240 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_02_20_19_59_44.wav
[2012.02.16 21:56:54 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.02.12 19:03:50 | 023,913,680 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_02_12_19_3_48.wav
[2011.12.30 04:46:42 | 053,118,764 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_11_12_30_4_46_40.wav
[2011.12.14 19:39:22 | 000,141,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.12.14 19:39:22 | 000,138,056 | ---- | C] () -- C:\Users\JEEZY\AppData\Roaming\PnkBstrK.sys
[2011.12.14 19:38:56 | 000,281,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.12.14 19:38:55 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.12.10 17:12:41 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.07 18:01:44 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.11.06 21:08:31 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.11.06 03:06:54 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.11.06 03:06:54 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.11.05 20:54:30 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.11.05 20:24:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011.11.05 20:21:21 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.11.05 20:20:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.05 20:20:15 | 000,028,578 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.08.14 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Alxase
[2013.01.04 01:01:13 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Babylon
[2011.11.05 20:29:56 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\DAEMON Tools Pro
[2012.02.16 21:56:51 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\DesktopIconForAmazon
[2012.08.14 22:13:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Doelna
[2013.03.13 16:59:33 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Dropbox
[2012.11.09 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\FileZilla
[2012.07.20 14:18:26 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\fltk.org
[2013.03.12 20:05:18 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\HLSW
[2013.03.13 18:06:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Hotspot Shield
[2013.03.13 16:59:28 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\ICQ
[2012.02.20 22:53:20 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\java
[2012.02.18 23:08:21 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\LolClient
[2012.08.14 22:35:32 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Matii
[2012.12.15 23:36:19 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Opera
[2012.08.12 16:53:07 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Publish Providers
[2012.02.09 16:18:16 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Screaming Bee
[2012.08.12 16:53:03 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Sony
[2012.07.27 13:24:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\SplitMediaLabs
[2012.02.20 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\TeamViewer
[2012.02.12 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Teeworlds
[2013.03.13 18:46:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\TS3Client
[2011.11.06 02:40:07 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\ts3overlay

========== Purity Check ==========

< End of report >

Last edited by txea (13.03.2013 at 19:46) |
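The O4 lines in the OTL log above are the Run, RunOnce and Startup-folder autoruns on the machine, and a helper reads them looking for three things: a target OTL could not find on disk ("File not found"), a binary that launches from the user profile instead of Program Files, and a file with no company name in its version info. The following Python script is an added example, not part of the thread and not OTL's own code: it parses O4 lines in the format shown, scores each entry on those three signals and returns the ones worth asking about first. The sample lines are copied from the log above; the point values and the threshold of 3 are assumptions chosen for this example, not an OTL convention.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: O4 lines copied from the OTL log posted above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe (Kaspersky Lab ZAO)",
    r"O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)",
    r"O4 - HKCU..\Run: [Facebook Update] C:\Users\JEEZY\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)",
    r"O4 - HKCU..\Run: [Irsacu] C:\Users\JEEZY\AppData\Roaming\Doelna\zaesw.exe File not found",
    r"O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)",
    r"O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)",
    r"O4 - Startup: C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JEEZY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)",
]


@dataclass
class Autorun:
    location: str               # "HKLM\Run", "HKCU\RunOnce" or "Startup"
    name: str                   # registry value name or shortcut file name
    target: str                 # path OTL resolved the entry to
    publisher: Optional[str]    # company name from version info, None if OTL printed none
    on_disk: bool               # False when OTL reported "File not found"
    score: int = 0
    reasons: List[str] = field(default_factory=list)


# OTL prints registry autoruns as  O4 - <hive>..\<key>: [<name>] <target> (<publisher>)
_REG_LINE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# ... and Startup-folder items as  O4 - Startup: <shortcut>.lnk = <target> (<publisher>)
_STARTUP_LINE = re.compile(r"^O4 - Startup: (?P<lnk>.*?\.lnk) = (?P<rest>.*)$")
_TARGET_WITH_PUB = re.compile(r"^(?P<path>.*?) \((?P<pub>[^()]*)\)$")
_MISSING = " File not found"
_USER_PROFILE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def _split_target(rest: str):
    """Split '<path> (<publisher>)' or '<path> File not found' into (path, publisher, on_disk)."""
    if rest.endswith(_MISSING):
        return rest[:-len(_MISSING)], None, False
    m = _TARGET_WITH_PUB.match(rest)
    if m:
        return m.group("path"), (m.group("pub") or None), True
    return rest, None, True


def parse_o4(line: str) -> Optional[Autorun]:
    """Return an Autorun for an O4 line, or None for any other OTL line."""
    m = _REG_LINE.match(line)
    if m:
        path, pub, on_disk = _split_target(m.group("rest"))
        return Autorun(f"{m.group('hive')}\\{m.group('key')}", m.group("name").strip(), path, pub, on_disk)
    m = _STARTUP_LINE.match(line)
    if m:
        path, pub, on_disk = _split_target(m.group("rest"))
        return Autorun("Startup", m.group("lnk").rsplit("\\", 1)[-1], path, pub, on_disk)
    return None


def score_autorun(entry: Autorun) -> Autorun:
    """Assumed weights: missing file 3, no publisher 2, runs from the user profile 1."""
    if not entry.on_disk:
        entry.score += 3
        entry.reasons.append("target no longer on disk (typical of a dropper that was removed or moved)")
    if entry.publisher is None:
        entry.score += 2
        entry.reasons.append("no company name in version info")
    if _USER_PROFILE.search(entry.target):
        entry.score += 1
        entry.reasons.append("launches from a user profile (AppData) rather than Program Files")
    return entry


def triage(lines, threshold: int = 3) -> List[Autorun]:
    """Parse and score every O4 line; return entries at or above the threshold, highest first."""
    entries = [score_autorun(e) for e in map(parse_o4, lines) if e is not None]
    return sorted((e for e in entries if e.score >= threshold), key=lambda e: -e.score)


def flagged_names(lines, threshold: int = 3) -> List[str]:
    return [e.name for e in triage(lines, threshold)]


if __name__ == "__main__":
    for e in triage(SAMPLE_O4_LINES):
        print(f"[{e.score}] {e.location} {e.name!r} -> {e.target}")
        for r in e.reasons:
            print(f"      - {r}")
```

On the sample lines only the `Irsacu` entry reaches the threshold: its target is gone from disk, it lives under `AppData\Roaming`, and OTL printed no company name for it. Legitimate user-level autoruns such as Facebook Update or Dropbox also run from the profile, which is why that signal alone scores 1 and never flags an entry on its own.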
14.03.2013, 05:57 | #5 |
| Music in the background when the browser is open WIN7 Good morning aharonov, since GMER still wasn't finished after 5 hours, I let it run overnight. When I went to the computer this morning to see how far it had got, I noticed that it had restarted. There are now 2 hidden "desktop.ini" files on the desktop. One of them can be opened and contains the following: Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
I have no idea what happened overnight. If that is normal I'm glad; if not, I'll run it again after work. Regards Last edited by txea (14.03.2013 at 06:24) |
14.03.2013, 14:23 | #6 |
/// TB-Ausbilder | Music in the background when the browser is open WIN7 Hi, the GMER run doesn't seem to have worked properly. Leave it and do this instead: Step 1 Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being told to. Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know. Step 2 Please read the following instructions carefully. We don't want to delete anything yet, only see a scan report. Please download TDSSKiller.exe and save the file to the desktop.
Please post in your next reply:
__________________ --> Music in the background when the browser is open WIN7 |
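Both tools requested in the two steps above, aswMBR and TDSSKiller, start by reading the master boot record straight from sector 0 of each disk, because the TDSS/TDL family and similar bootkits persist by replacing the boot code there rather than by adding an autorun entry. The following Python code is an added example, not part of the thread and not the code of either tool: it decodes a 512-byte MBR image (0x55AA signature, disk signature, the four partition-table entries), hashes the boot code so a later read can be compared against a known-good baseline, and reports the differences a bootkit scan cares about. The image is constructed inline to match the layout TDSSKiller reports for Harddisk0 further down in the thread (two type 0x07 partitions at LBA 0x800 and 0x32800); the placeholder boot code, the 0xDEADBEEF disk signature, marking the first partition active, and the `read_mbr_from_disk` helper are assumptions made for this example.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440           # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446         # four 16-byte partition entries
SIGNATURE_OFF = 510          # 0x55 0xAA
PART_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, start LBA, sector count


@dataclass(frozen=True)
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    block_count: int

    @property
    def is_empty(self) -> bool:
        return self.type_id == 0 and self.block_count == 0


@dataclass(frozen=True)
class Mbr:
    boot_code_sha256: str
    disk_signature: int
    partitions: List[PartitionEntry]
    signature_ok: bool


def parse_mbr(sector: bytes) -> Mbr:
    """Decode one 512-byte MBR image into its boot-code hash and partition table."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("MBR image must be at least 512 bytes")
    sig_ok = sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xAA"
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, start, count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        parts.append(PartitionEntry(i + 1, status == 0x80, ptype, start, count))
    return Mbr(hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(), disk_sig, parts, sig_ok)


def check_mbr(mbr: Mbr, baseline_boot_sha256: str) -> List[str]:
    """Compare a freshly read MBR with a known-good baseline hash; empty list means nothing to report."""
    findings = []
    if not mbr.signature_ok:
        findings.append("0x55AA signature missing: sector 0 is not a valid MBR")
    if mbr.boot_code_sha256 != baseline_boot_sha256:
        findings.append("boot code differs from baseline: possible MBR bootkit or bootloader change")
    if sum(p.bootable for p in mbr.partitions) != 1:
        findings.append("expected exactly one active partition")
    used = sorted((p for p in mbr.partitions if not p.is_empty), key=lambda p: p.start_lba)
    for prev, cur in zip(used, used[1:]):
        if cur.start_lba < prev.start_lba + prev.block_count:
            findings.append(f"partition {cur.index} overlaps partition {prev.index}")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed MBR image (not read from the poster's machine).
    Boot code is a two-byte 'jmp $' stub plus zero padding; the partition layout mirrors what
    TDSSKiller reported for Harddisk0. Active flag and disk signature are assumptions."""
    boot_code = b"\xEB\xFE" + b"\x00" * (BOOT_CODE_LEN - 2)
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    layout = [(0x80, 0x07, 0x800, 0x32000), (0x00, 0x07, 0x32800, 0x770D800)]
    table = b"".join(struct.pack(PART_FMT, st, b"\xFF" * 3, ty, b"\xFF" * 3, lba, n)
                     for st, ty, lba, n in layout)
    table += b"\x00" * 16 * 2                      # two unused entries
    return boot_code + disk_sig + table + b"\x55\xAA"


def read_mbr_from_disk(drive_number: int = 0) -> bytes:
    """Windows only, needs administrator rights; assumed helper, not exercised here."""
    with open(rf"\\.\PhysicalDrive{drive_number}", "rb") as disk:
        return disk.read(SECTOR_SIZE)


if __name__ == "__main__":
    clean = parse_mbr(build_sample_mbr())
    for p in clean.partitions:
        if not p.is_empty:
            print(f"Partition{p.index}: Type 0x{p.type_id:X}, StartLBA 0x{p.start_lba:X}, BlocksNum 0x{p.block_count:X}")
    tampered = bytearray(build_sample_mbr())
    tampered[0:2] = b"\x90\x90"                    # simulate patched boot code
    print(check_mbr(parse_mbr(bytes(tampered)), clean.boot_code_sha256))
```

The partition lines it prints match the `Type 0x7, StartLBA 0x800, BlocksNum 0x32000` form TDSSKiller uses, which makes it easy to cross-check a raw read against the tool's output. The baseline hash has to come from a trusted source (a read taken before the incident, or the boot code of a known-clean install of the same Windows build); hashing the current sector and comparing it with itself proves nothing.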
14.03.2013, 22:09 | #7 |
| Music in the background when the browser is open WIN7 TDSSKiller Code:
22:07:53.0414 3188 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:07:53.0699 3188 ============================================================
22:07:53.0699 3188 Current date / time: 2013/03/14 22:07:53.0699
22:07:53.0699 3188 SystemInfo:
22:07:53.0699 3188
22:07:53.0699 3188 OS Version: 6.1.7601 ServicePack: 1.0
22:07:53.0699 3188 Product type: Workstation
22:07:53.0699 3188 ComputerName: JEEZY1
22:07:53.0699 3188 UserName: JEEZY
22:07:53.0699 3188 Windows directory: C:\Windows
22:07:53.0699 3188 System windows directory: C:\Windows
22:07:53.0699 3188 Processor architecture: Intel x86
22:07:53.0699 3188 Number of processors: 8
22:07:53.0699 3188 Page size: 0x1000
22:07:53.0699 3188 Boot type: Normal boot
22:07:53.0699 3188 ============================================================
22:07:53.0914 3188 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:07:53.0914 3188 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:07:53.0927 3188 ============================================================
22:07:53.0927 3188 \Device\Harddisk0\DR0:
22:07:53.0927 3188 MBR partitions:
22:07:53.0927 3188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:07:53.0927 3188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
22:07:53.0927 3188 \Device\Harddisk1\DR1:
22:07:53.0927 3188 MBR partitions:
22:07:53.0927 3188 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
22:07:53.0927 3188 ============================================================
22:07:53.0928 3188 C: <-> \Device\Harddisk0\DR0\Partition2
22:07:53.0969 3188 D: <-> \Device\Harddisk1\DR1\Partition1
22:07:53.0969 3188 ============================================================
22:07:53.0969 3188 Initialize success
22:07:53.0969 3188 ============================================================
22:07:59.0914 6664 ============================================================
22:07:59.0914 6664 Scan started
22:07:59.0914 6664 Mode: Manual;
22:07:59.0914 6664 ============================================================
22:08:00.0915 6664 ================ Scan system memory ========================
22:08:00.0915 6664 System memory - ok
22:08:00.0915 6664 ================ Scan services =============================
22:08:00.0945 6664 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:08:00.0947 6664 1394ohci - ok
22:08:00.0951 6664 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:08:00.0954 6664 ACPI - ok
22:08:00.0957 6664 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:08:00.0957 6664 AcpiPmi - ok
22:08:00.0962 6664 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:08:00.0963 6664 AdobeARMservice - ok
22:08:00.0967 6664 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:08:00.0969 6664 AdobeFlashPlayerUpdateSvc - ok
22:08:00.0974 6664 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:08:00.0977 6664 adp94xx - ok
22:08:00.0981 6664 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:08:00.0983 6664 adpahci - ok
22:08:00.0986 6664 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:08:00.0988 6664 adpu320 - ok
22:08:00.0991 6664 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:08:00.0992 6664 AeLookupSvc - ok
22:08:00.0998 6664 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
22:08:01.0001 6664 AFD - ok
22:08:01.0003 6664 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
22:08:01.0004 6664 agp440 - ok
22:08:01.0007 6664 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
22:08:01.0008 6664 aic78xx - ok
22:08:01.0011 6664 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
22:08:01.0012 6664 ALG - ok
22:08:01.0013 6664 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
22:08:01.0014 6664 aliide - ok
22:08:01.0016 6664 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:08:01.0017 6664 amdagp - ok
22:08:01.0019 6664 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
22:08:01.0019 6664 amdide - ok
22:08:01.0021 6664 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:08:01.0022 6664 AmdK8 - ok
22:08:01.0024 6664 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:08:01.0024 6664 AmdPPM - ok
22:08:01.0026 6664 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:08:01.0027 6664 amdsata - ok
22:08:01.0030 6664 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:08:01.0032 6664 amdsbs - ok
22:08:01.0034 6664 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:08:01.0035 6664 amdxata - ok
22:08:01.0037 6664 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
22:08:01.0038 6664 AppID - ok
22:08:01.0040 6664 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:08:01.0040 6664 AppIDSvc - ok
22:08:01.0043 6664 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
22:08:01.0043 6664 Appinfo - ok
22:08:01.0048 6664 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:08:01.0050 6664 Apple Mobile Device - ok
22:08:01.0053 6664 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
22:08:01.0054 6664 arc - ok
22:08:01.0056 6664 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:08:01.0057 6664 arcsas - ok
22:08:01.0060 6664 [ A3938D491EAEE2B83D3A3631C3273182 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
22:08:01.0061 6664 asmthub3 - ok
22:08:01.0065 6664 [ FE5FFED1DBA8DA0C9064202207301BA4 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
22:08:01.0067 6664 asmtxhci - ok
22:08:01.0070 6664 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:08:01.0070 6664 AsyncMac - ok
22:08:01.0073 6664 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
22:08:01.0073 6664 atapi - ok
22:08:01.0080 6664 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:08:01.0084 6664 AudioEndpointBuilder - ok
22:08:01.0089 6664 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:08:01.0091 6664 Audiosrv - ok
22:08:01.0099 6664 [ 7DF7099F05453D3DBA427A1D2713A414 ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe
22:08:01.0102 6664 AVP - ok
22:08:01.0105 6664 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:08:01.0106 6664 AxInstSV - ok
22:08:01.0111 6664 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
22:08:01.0115 6664 b06bdrv - ok
22:08:01.0119 6664 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:08:01.0121 6664 b57nd60x - ok
22:08:01.0130 6664 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
22:08:01.0131 6664 BDESVC - ok
22:08:01.0132 6664 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
22:08:01.0133 6664 Beep - ok
22:08:01.0139 6664 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
22:08:01.0144 6664 BFE - ok
22:08:01.0150 6664 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
22:08:01.0157 6664 BITS - ok
22:08:01.0159 6664 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:08:01.0160 6664 blbdrive - ok
22:08:01.0165 6664 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:08:01.0169 6664 Bonjour Service - ok
22:08:01.0171 6664 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:08:01.0172 6664 bowser - ok
22:08:01.0174 6664 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:08:01.0174 6664 BrFiltLo - ok
22:08:01.0176 6664 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:08:01.0176 6664 BrFiltUp - ok
22:08:01.0179 6664 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
22:08:01.0180 6664 Browser - ok
22:08:01.0184 6664 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:08:01.0186 6664 Brserid - ok
22:08:01.0188 6664 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:08:01.0189 6664 BrSerWdm - ok
22:08:01.0191 6664 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:08:01.0192 6664 BrUsbMdm - ok
22:08:01.0193 6664 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:08:01.0194 6664 BrUsbSer - ok
22:08:01.0196 6664 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:08:01.0196 6664 BTHMODEM - ok
22:08:01.0199 6664 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
22:08:01.0200 6664 bthserv - ok
22:08:01.0204 6664 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:08:01.0205 6664 cdfs - ok
22:08:01.0209 6664 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:08:01.0209 6664 cdrom - ok
22:08:01.0213 6664 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
22:08:01.0214 6664 CertPropSvc - ok
22:08:01.0216 6664 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:08:01.0217 6664 circlass - ok
22:08:01.0220 6664 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
22:08:01.0223 6664 CLFS - ok
22:08:01.0231 6664 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:08:01.0233 6664 clr_optimization_v2.0.50727_32 - ok
22:08:01.0240 6664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:08:01.0246 6664 clr_optimization_v4.0.30319_32 - ok
22:08:01.0254 6664 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:08:01.0254 6664 CmBatt - ok
22:08:01.0256 6664 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:08:01.0256 6664 cmdide - ok
22:08:01.0261 6664 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
22:08:01.0264 6664 CNG - ok
22:08:01.0266 6664 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:08:01.0267 6664 Compbatt - ok
22:08:01.0269 6664 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:08:01.0269 6664 CompositeBus - ok
22:08:01.0271 6664 COMSysApp - ok
22:08:01.0273 6664 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:08:01.0273 6664 crcdisk - ok
22:08:01.0277 6664 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:08:01.0278 6664
CryptSvc - ok 22:08:01.0284 6664 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 22:08:01.0288 6664 DcomLaunch - ok 22:08:01.0291 6664 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 22:08:01.0293 6664 defragsvc - ok 22:08:01.0296 6664 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:08:01.0297 6664 DfsC - ok 22:08:01.0301 6664 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 22:08:01.0303 6664 Dhcp - ok 22:08:01.0305 6664 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 22:08:01.0306 6664 discache - ok 22:08:01.0308 6664 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 22:08:01.0309 6664 Disk - ok 22:08:01.0312 6664 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:08:01.0313 6664 Dnscache - ok 22:08:01.0317 6664 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 22:08:01.0318 6664 dot3svc - ok 22:08:01.0322 6664 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 22:08:01.0323 6664 DPS - ok 22:08:01.0325 6664 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:08:01.0325 6664 drmkaud - ok 22:08:01.0333 6664 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:08:01.0339 6664 DXGKrnl - ok 22:08:01.0341 6664 EagleXNt - ok 22:08:01.0345 6664 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 22:08:01.0346 6664 EapHost - ok 22:08:01.0374 6664 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 22:08:01.0398 6664 ebdrv - ok 22:08:01.0401 6664 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 22:08:01.0402 6664 EFS - ok 22:08:01.0410 6664 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:08:01.0416 6664 ehRecvr - ok 22:08:01.0418 6664 [ 
D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 22:08:01.0420 6664 ehSched - ok 22:08:01.0426 6664 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 22:08:01.0430 6664 elxstor - ok 22:08:01.0432 6664 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:08:01.0432 6664 ErrDev - ok 22:08:01.0435 6664 [ 3F3126A8F73E92F8EB369D54977D9E15 ] ESLvnic1 C:\Windows\system32\DRIVERS\ESLvnic.sys 22:08:01.0436 6664 ESLvnic1 - ok 22:08:01.0446 6664 [ 5F579784A1663B67A849039BF74994BF ] ESLWireAC C:\Windows\system32\drivers\ESLWireACD.sys 22:08:01.0453 6664 ESLWireAC - ok 22:08:01.0551 6664 [ 54187445E0A4DF6741DD382C5C38B848 ] EslWireHelper D:\Program Files\EslWire\service\WireHelperSvc.exe 22:08:01.0556 6664 EslWireHelper - ok 22:08:01.0560 6664 [ 6B93B103242C3C30F850F53DBE39ED88 ] EuMusDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\vrtaucbl.sys 22:08:01.0561 6664 EuMusDesignVirtualAudioCableWdm - ok 22:08:01.0566 6664 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 22:08:01.0568 6664 EventSystem - ok 22:08:01.0571 6664 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 22:08:01.0573 6664 exfat - ok 22:08:01.0576 6664 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:08:01.0577 6664 fastfat - ok 22:08:01.0584 6664 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 22:08:01.0588 6664 Fax - ok 22:08:01.0590 6664 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:08:01.0591 6664 fdc - ok 22:08:01.0593 6664 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 22:08:01.0594 6664 fdPHost - ok 22:08:01.0596 6664 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 22:08:01.0596 6664 FDResPub - ok 22:08:01.0598 6664 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo 
C:\Windows\system32\drivers\fileinfo.sys 22:08:01.0599 6664 FileInfo - ok 22:08:01.0601 6664 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:08:01.0601 6664 Filetrace - ok 22:08:01.0603 6664 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:08:01.0603 6664 flpydisk - ok 22:08:01.0606 6664 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:08:01.0607 6664 FltMgr - ok 22:08:01.0617 6664 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll 22:08:01.0624 6664 FontCache - ok 22:08:01.0627 6664 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 22:08:01.0628 6664 FontCache3.0.0.0 - ok 22:08:01.0630 6664 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:08:01.0631 6664 FsDepends - ok 22:08:01.0633 6664 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:08:01.0633 6664 Fs_Rec - ok 22:08:01.0636 6664 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:08:01.0638 6664 fvevol - ok 22:08:01.0640 6664 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 22:08:01.0641 6664 gagp30kx - ok 22:08:01.0643 6664 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:08:01.0643 6664 GEARAspiWDM - ok 22:08:01.0650 6664 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 22:08:01.0655 6664 gpsvc - ok 22:08:01.0660 6664 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 22:08:01.0660 6664 gupdate - ok 22:08:01.0664 6664 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 22:08:01.0664 6664 gupdatem - ok 22:08:01.0666 6664 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir 
C:\Windows\system32\drivers\hcw85cir.sys 22:08:01.0667 6664 hcw85cir - ok 22:08:01.0671 6664 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:08:01.0674 6664 HdAudAddService - ok 22:08:01.0677 6664 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 22:08:01.0678 6664 HDAudBus - ok 22:08:01.0680 6664 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 22:08:01.0680 6664 HidBatt - ok 22:08:01.0682 6664 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 22:08:01.0683 6664 HidBth - ok 22:08:01.0685 6664 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 22:08:01.0686 6664 HidIr - ok 22:08:01.0688 6664 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 22:08:01.0689 6664 hidserv - ok 22:08:01.0691 6664 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:08:01.0692 6664 HidUsb - ok 22:08:01.0694 6664 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:08:01.0695 6664 hkmsvc - ok 22:08:01.0699 6664 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:08:01.0701 6664 HomeGroupListener - ok 22:08:01.0704 6664 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:08:01.0707 6664 HomeGroupProvider - ok 22:08:01.0709 6664 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:08:01.0710 6664 HpSAMD - ok 22:08:01.0719 6664 [ CCFA6A6925E4544A8167B753C7DDE345 ] hshld C:\Program Files\Hotspot Shield\bin\openvpnas.exe 22:08:01.0722 6664 hshld - ok 22:08:01.0727 6664 [ FB2D0CAD5BFE427A81259D2AD68D7B33 ] HssDRV6 C:\Windows\system32\DRIVERS\hssdrv6.sys 22:08:01.0728 6664 HssDRV6 - ok 22:08:01.0735 6664 [ 7321BCA90DD53CC46EFDF1D4D44964E1 ] HssSrv C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe 22:08:01.0738 6664 HssSrv - ok 
22:08:01.0740 6664 [ 01BEF3BF1C5262B76981D430E430E89B ] HssTrayService C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE 22:08:01.0740 6664 HssTrayService - ok 22:08:01.0747 6664 [ 2E1DF960A48BDE321881823ABBB2E1C7 ] HssWd C:\Program Files\Hotspot Shield\bin\hsswd.exe 22:08:01.0749 6664 HssWd - ok 22:08:01.0757 6664 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:08:01.0764 6664 HTTP - ok 22:08:01.0766 6664 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:08:01.0766 6664 hwpolicy - ok 22:08:01.0769 6664 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 22:08:01.0769 6664 i8042prt - ok 22:08:01.0773 6664 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:08:01.0776 6664 iaStorV - ok 22:08:01.0785 6664 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 22:08:01.0794 6664 idsvc - ok 22:08:01.0796 6664 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 22:08:01.0797 6664 iirsp - ok 22:08:01.0805 6664 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 22:08:01.0811 6664 IKEEXT - ok 22:08:01.0842 6664 [ 6BEA3C6C9B0DC7BB92A54154796895B7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 22:08:01.0870 6664 IntcAzAudAddService - ok 22:08:01.0873 6664 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 22:08:01.0873 6664 intelide - ok 22:08:01.0875 6664 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:08:01.0876 6664 intelppm - ok 22:08:01.0878 6664 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:08:01.0879 6664 IPBusEnum - ok 22:08:01.0881 6664 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:08:01.0882 6664 IpFilterDriver - ok 
22:08:01.0887 6664 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:08:01.0892 6664 iphlpsvc - ok 22:08:01.0894 6664 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:08:01.0894 6664 IPMIDRV - ok 22:08:01.0897 6664 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:08:01.0898 6664 IPNAT - ok 22:08:01.0907 6664 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:08:01.0914 6664 iPod Service - ok 22:08:01.0916 6664 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:08:01.0916 6664 IRENUM - ok 22:08:01.0920 6664 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:08:01.0920 6664 isapnp - ok 22:08:01.0925 6664 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:08:01.0928 6664 iScsiPrt - ok 22:08:01.0932 6664 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 22:08:01.0932 6664 kbdclass - ok 22:08:01.0934 6664 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 22:08:01.0934 6664 kbdhid - ok 22:08:01.0936 6664 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 22:08:01.0937 6664 KeyIso - ok 22:08:01.0940 6664 [ 94D67D49BD9503BB1D838405D80F2058 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys 22:08:01.0941 6664 KL1 - ok 22:08:01.0943 6664 [ 713576569667AC9E0F8556076004A96B ] kl2 C:\Windows\system32\DRIVERS\kl2.sys 22:08:01.0944 6664 kl2 - ok 22:08:01.0949 6664 [ 39920D69EAEDB51757527AA54FE25216 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 22:08:01.0953 6664 KLIF - ok 22:08:01.0956 6664 [ CF88B4985D957EEE45C9939092E87C92 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 22:08:01.0956 6664 KLIM6 - ok 22:08:01.0958 6664 [ 3DE1771C135328420315E21DDE229BBA ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 22:08:01.0959 6664 klmouflt - ok 
22:08:01.0961 6664 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:08:01.0962 6664 KSecDD - ok 22:08:01.0965 6664 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:08:01.0966 6664 KSecPkg - ok 22:08:01.0971 6664 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 22:08:01.0973 6664 KtmRm - ok 22:08:01.0978 6664 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 22:08:01.0980 6664 LanmanServer - ok 22:08:01.0983 6664 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:08:01.0985 6664 LanmanWorkstation - ok 22:08:01.0988 6664 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:08:01.0989 6664 lltdio - ok 22:08:01.0992 6664 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:08:01.0994 6664 lltdsvc - ok 22:08:01.0995 6664 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 22:08:01.0996 6664 lmhosts - ok 22:08:02.0002 6664 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 22:08:02.0004 6664 LMS - ok 22:08:02.0008 6664 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 22:08:02.0008 6664 LSI_FC - ok 22:08:02.0011 6664 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 22:08:02.0012 6664 LSI_SAS - ok 22:08:02.0015 6664 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:08:02.0016 6664 LSI_SAS2 - ok 22:08:02.0018 6664 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:08:02.0019 6664 LSI_SCSI - ok 22:08:02.0021 6664 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 22:08:02.0022 6664 luafv - ok 22:08:02.0025 6664 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector 
C:\Windows\system32\drivers\mbam.sys 22:08:02.0025 6664 MBAMProtector - ok 22:08:02.0074 6664 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:08:02.0077 6664 MBAMScheduler - ok 22:08:02.0101 6664 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 22:08:02.0107 6664 MBAMService - ok 22:08:02.0110 6664 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:08:02.0111 6664 Mcx2Svc - ok 22:08:02.0113 6664 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 22:08:02.0113 6664 megasas - ok 22:08:02.0117 6664 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 22:08:02.0118 6664 MegaSR - ok 22:08:02.0121 6664 [ D86AC00883B9C98B570E7643AAF8E554 ] MEI C:\Windows\system32\DRIVERS\HECI.sys 22:08:02.0122 6664 MEI - ok 22:08:02.0125 6664 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 22:08:02.0126 6664 MMCSS - ok 22:08:02.0128 6664 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 22:08:02.0129 6664 Modem - ok 22:08:02.0131 6664 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:08:02.0131 6664 monitor - ok 22:08:02.0133 6664 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:08:02.0134 6664 mouclass - ok 22:08:02.0137 6664 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:08:02.0137 6664 mouhid - ok 22:08:02.0140 6664 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:08:02.0141 6664 mountmgr - ok 22:08:02.0145 6664 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 22:08:02.0147 6664 MozillaMaintenance - ok 22:08:02.0150 6664 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio 
C:\Windows\system32\drivers\mpio.sys 22:08:02.0151 6664 mpio - ok 22:08:02.0153 6664 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:08:02.0154 6664 mpsdrv - ok 22:08:02.0161 6664 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:08:02.0166 6664 MpsSvc - ok 22:08:02.0169 6664 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:08:02.0170 6664 MRxDAV - ok 22:08:02.0173 6664 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:08:02.0174 6664 mrxsmb - ok 22:08:02.0177 6664 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:08:02.0179 6664 mrxsmb10 - ok 22:08:02.0182 6664 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:08:02.0183 6664 mrxsmb20 - ok 22:08:02.0185 6664 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 22:08:02.0186 6664 msahci - ok 22:08:02.0188 6664 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:08:02.0189 6664 msdsm - ok 22:08:02.0192 6664 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 22:08:02.0194 6664 MSDTC - ok 22:08:02.0197 6664 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:08:02.0198 6664 Msfs - ok 22:08:02.0199 6664 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:08:02.0199 6664 mshidkmdf - ok 22:08:02.0201 6664 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:08:02.0202 6664 msisadrv - ok 22:08:02.0205 6664 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:08:02.0206 6664 MSiSCSI - ok 22:08:02.0207 6664 msiserver - ok 22:08:02.0209 6664 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:08:02.0210 6664 MSKSSRV - ok 22:08:02.0211 6664 [ 
3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:08:02.0212 6664 MSPCLOCK - ok 22:08:02.0213 6664 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:08:02.0214 6664 MSPQM - ok 22:08:02.0217 6664 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:08:02.0218 6664 MsRPC - ok 22:08:02.0221 6664 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:08:02.0221 6664 mssmbios - ok 22:08:02.0223 6664 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:08:02.0223 6664 MSTEE - ok 22:08:02.0225 6664 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 22:08:02.0226 6664 MTConfig - ok 22:08:02.0227 6664 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 22:08:02.0228 6664 Mup - ok 22:08:02.0232 6664 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 22:08:02.0236 6664 napagent - ok 22:08:02.0240 6664 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:08:02.0242 6664 NativeWifiP - ok 22:08:02.0250 6664 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:08:02.0256 6664 NDIS - ok 22:08:02.0258 6664 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:08:02.0258 6664 NdisCap - ok 22:08:02.0261 6664 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:08:02.0261 6664 NdisTapi - ok 22:08:02.0263 6664 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:08:02.0264 6664 Ndisuio - ok 22:08:02.0266 6664 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:08:02.0268 6664 NdisWan - ok 22:08:02.0270 6664 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:08:02.0270 6664 NDProxy - ok 
22:08:02.0273 6664 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:08:02.0273 6664 NetBIOS - ok 22:08:02.0276 6664 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:08:02.0278 6664 NetBT - ok 22:08:02.0280 6664 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 22:08:02.0281 6664 Netlogon - ok 22:08:02.0286 6664 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 22:08:02.0289 6664 Netman - ok 22:08:02.0293 6664 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 22:08:02.0297 6664 netprofm - ok 22:08:02.0299 6664 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:08:02.0300 6664 NetTcpPortSharing - ok 22:08:02.0302 6664 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 22:08:02.0303 6664 nfrd960 - ok 22:08:02.0306 6664 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 22:08:02.0309 6664 NlaSvc - ok 22:08:02.0311 6664 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:08:02.0312 6664 Npfs - ok 22:08:02.0315 6664 npggsvc - ok 22:08:02.0317 6664 [ 9131FE60ADFAB595C8DA53AD6A06AA31 ] NPPTNT2 C:\Windows\system32\npptNT2.sys 22:08:02.0318 6664 NPPTNT2 - ok 22:08:02.0320 6664 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 22:08:02.0322 6664 nsi - ok 22:08:02.0324 6664 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:08:02.0324 6664 nsiproxy - ok 22:08:02.0336 6664 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:08:02.0346 6664 Ntfs - ok 22:08:02.0348 6664 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 22:08:02.0348 6664 Null - ok 22:08:02.0352 6664 [ 96C27791D5AE5C77E37C61B15112E38D ] NVHDA 
C:\Windows\system32\drivers\nvhda32v.sys 22:08:02.0353 6664 NVHDA - ok 22:08:02.0446 6664 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:08:02.0529 6664 nvlddmkm - ok 22:08:02.0534 6664 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:08:02.0535 6664 nvraid - ok 22:08:02.0538 6664 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:08:02.0539 6664 nvstor - ok 22:08:02.0546 6664 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] NVSvc C:\Windows\system32\nvvsvc.exe 22:08:02.0549 6664 NVSvc - ok 22:08:02.0563 6664 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 22:08:02.0574 6664 nvUpdatusService - ok 22:08:02.0577 6664 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:08:02.0579 6664 nv_agp - ok 22:08:02.0581 6664 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:08:02.0582 6664 ohci1394 - ok 22:08:02.0586 6664 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:08:02.0589 6664 p2pimsvc - ok 22:08:02.0594 6664 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 22:08:02.0597 6664 p2psvc - ok 22:08:02.0600 6664 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:08:02.0601 6664 Parport - ok 22:08:02.0603 6664 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:08:02.0603 6664 partmgr - ok 22:08:02.0605 6664 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 22:08:02.0606 6664 Parvdm - ok 22:08:02.0609 6664 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:08:02.0611 6664 PcaSvc - ok 22:08:02.0614 6664 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 22:08:02.0616 6664 pci - ok 22:08:02.0618 6664 [ 
AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 22:08:02.0618 6664 pciide - ok 22:08:02.0622 6664 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:08:02.0623 6664 pcmcia - ok 22:08:02.0625 6664 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 22:08:02.0626 6664 pcw - ok 22:08:02.0632 6664 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:08:02.0637 6664 PEAUTH - ok 22:08:02.0656 6664 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 22:08:02.0671 6664 pla - ok 22:08:02.0676 6664 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:08:02.0680 6664 PlugPlay - ok 22:08:02.0685 6664 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe 22:08:02.0687 6664 PnkBstrA - ok 22:08:02.0689 6664 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:08:02.0690 6664 PNRPAutoReg - ok 22:08:02.0694 6664 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:08:02.0696 6664 PNRPsvc - ok 22:08:02.0701 6664 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:08:02.0703 6664 PolicyAgent - ok 22:08:02.0707 6664 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 22:08:02.0709 6664 Power - ok 22:08:02.0712 6664 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:08:02.0713 6664 PptpMiniport - ok 22:08:02.0715 6664 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:08:02.0715 6664 Processor - ok 22:08:02.0719 6664 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 22:08:02.0721 6664 ProfSvc - ok 22:08:02.0723 6664 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:08:02.0724 6664 ProtectedStorage - ok 22:08:02.0727 6664 [ 
6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:08:02.0728 6664 Psched - ok 22:08:02.0741 6664 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:08:02.0752 6664 ql2300 - ok 22:08:02.0755 6664 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:08:02.0756 6664 ql40xx - ok 22:08:02.0759 6664 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 22:08:02.0762 6664 QWAVE - ok 22:08:02.0764 6664 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:08:02.0765 6664 QWAVEdrv - ok 22:08:02.0766 6664 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:08:02.0767 6664 RasAcd - ok 22:08:02.0769 6664 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:08:02.0769 6664 RasAgileVpn - ok 22:08:02.0772 6664 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 22:08:02.0774 6664 RasAuto - ok 22:08:02.0776 6664 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:08:02.0777 6664 Rasl2tp - ok 22:08:02.0781 6664 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 22:08:02.0784 6664 RasMan - ok 22:08:02.0786 6664 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:08:02.0787 6664 RasPppoe - ok 22:08:02.0790 6664 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:08:02.0791 6664 RasSstp - ok 22:08:02.0795 6664 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:08:02.0797 6664 rdbss - ok 22:08:02.0799 6664 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:08:02.0799 6664 rdpbus - ok 22:08:02.0801 6664 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:08:02.0802 6664 RDPCDD - ok 22:08:02.0804 6664 [ 
5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:08:02.0805 6664 RDPENCDD - ok
22:08:02.0807 6664 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:08:02.0808 6664 RDPREFMP - ok
22:08:02.0811 6664 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:08:02.0812 6664 RDPWD - ok
22:08:02.0816 6664 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:08:02.0817 6664 rdyboost - ok
22:08:02.0820 6664 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:08:02.0821 6664 RemoteAccess - ok
22:08:02.0823 6664 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:08:02.0825 6664 RemoteRegistry - ok
22:08:02.0827 6664 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:08:02.0829 6664 RpcEptMapper - ok
22:08:02.0831 6664 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:08:02.0832 6664 RpcLocator - ok
22:08:02.0836 6664 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
22:08:02.0838 6664 RpcSs - ok
22:08:02.0841 6664 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:08:02.0842 6664 rspndr - ok
22:08:02.0850 6664 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
22:08:02.0854 6664 RTL8167 - ok
22:08:02.0856 6664 [ 32A7DBFAC034DFEDBB031E67BB886BF7 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
22:08:02.0857 6664 RtNdPt60 - ok
22:08:02.0859 6664 [ F816662AB13A57F1CE4542336AA02694 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys
22:08:02.0859 6664 RTTEAMPT - ok
22:08:02.0862 6664 [ 62E01F439C73FCFCCA04F0E9D5255664 ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan60.sys
22:08:02.0862 6664 RTVLANPT - ok
22:08:02.0864 6664 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
22:08:02.0865 6664 SamSs - ok
22:08:02.0867 6664 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:08:02.0868 6664 sbp2port - ok
22:08:02.0871 6664 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:08:02.0873 6664 SCardSvr - ok
22:08:02.0875 6664 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:08:02.0876 6664 scfilter - ok
22:08:02.0884 6664 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:08:02.0891 6664 Schedule - ok
22:08:02.0894 6664 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:08:02.0894 6664 SCPolicySvc - ok
22:08:02.0897 6664 [ A689D522EEDF89401E1DA2FE883AA7EC ] SCREAMINGBDRIVER C:\Windows\system32\drivers\ScreamingBAudio.sys
22:08:02.0897 6664 SCREAMINGBDRIVER - ok
22:08:02.0900 6664 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:08:02.0902 6664 SDRSVC - ok
22:08:02.0904 6664 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:08:02.0905 6664 secdrv - ok
22:08:02.0907 6664 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:08:02.0908 6664 seclogon - ok
22:08:02.0910 6664 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
22:08:02.0912 6664 SENS - ok
22:08:02.0914 6664 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:08:02.0916 6664 SensrSvc - ok
22:08:02.0918 6664 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:08:02.0918 6664 Serenum - ok
22:08:02.0921 6664 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:08:02.0921 6664 Serial - ok
22:08:02.0923 6664 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:08:02.0924 6664 sermouse - ok
22:08:02.0929 6664 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:08:02.0931 6664 SessionEnv - ok
22:08:02.0933 6664 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:08:02.0933 6664 sffdisk - ok
22:08:02.0935 6664 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:08:02.0935 6664 sffp_mmc - ok
22:08:02.0938 6664 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:08:02.0938 6664 sffp_sd - ok
22:08:02.0940 6664 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:08:02.0941 6664 sfloppy - ok
22:08:02.0945 6664 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:08:02.0947 6664 SharedAccess - ok
22:08:02.0951 6664 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:08:02.0955 6664 ShellHWDetection - ok
22:08:02.0957 6664 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:08:02.0958 6664 sisagp - ok
22:08:02.0960 6664 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:08:02.0961 6664 SiSRaid2 - ok
22:08:02.0963 6664 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:08:02.0964 6664 SiSRaid4 - ok
22:08:02.0969 6664 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:08:02.0971 6664 SkypeUpdate - ok
22:08:02.0973 6664 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:08:02.0974 6664 Smb - ok
22:08:02.0978 6664 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:08:02.0979 6664 SNMPTRAP - ok
22:08:02.0981 6664 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:08:02.0982 6664 spldr - ok
22:08:02.0986 6664 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
22:08:02.0990 6664 Spooler - ok
22:08:03.0016 6664 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
22:08:03.0042 6664 sppsvc - ok
22:08:03.0046 6664 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:08:03.0047 6664 sppuinotify - ok
22:08:03.0052 6664 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:08:03.0055 6664 srv - ok
22:08:03.0059 6664 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:08:03.0062 6664 srv2 - ok
22:08:03.0065 6664 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:08:03.0065 6664 srvnet - ok
22:08:03.0069 6664 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:08:03.0071 6664 SSDPSRV - ok
22:08:03.0073 6664 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:08:03.0075 6664 SstpSvc - ok
22:08:03.0079 6664 Steam Client Service - ok
22:08:03.0087 6664 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:08:03.0088 6664 Stereo Service - ok
22:08:03.0091 6664 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:08:03.0091 6664 stexstor - ok
22:08:03.0097 6664 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
22:08:03.0103 6664 StiSvc - ok
22:08:03.0105 6664 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
22:08:03.0105 6664 swenum - ok
22:08:03.0110 6664 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
22:08:03.0112 6664 swprv - ok
22:08:03.0123 6664 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
22:08:03.0133 6664 SysMain - ok
22:08:03.0136 6664 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:08:03.0138 6664 TabletInputService - ok
22:08:03.0141 6664 [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss C:\Windows\system32\DRIVERS\taphss.sys
22:08:03.0142 6664 taphss - ok
22:08:03.0145 6664 [ DEB7FA72F982C4881E633507C5265A3C ] taphss6 C:\Windows\system32\DRIVERS\taphss6.sys
22:08:03.0145 6664 taphss6 - ok
22:08:03.0149 6664 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
22:08:03.0152 6664 TapiSrv - ok
22:08:03.0154 6664 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
22:08:03.0156 6664 TBS - ok
22:08:03.0168 6664 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:08:03.0179 6664 Tcpip - ok
22:08:03.0191 6664 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:08:03.0196 6664 TCPIP6 - ok
22:08:03.0201 6664 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:08:03.0202 6664 tcpipreg - ok
22:08:03.0205 6664 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:08:03.0206 6664 TDPIPE - ok
22:08:03.0208 6664 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:08:03.0208 6664 TDTCP - ok
22:08:03.0211 6664 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:08:03.0212 6664 tdx - ok
22:08:03.0214 6664 [ F816662AB13A57F1CE4542336AA02694 ] TEAM C:\Windows\system32\DRIVERS\RtTeam60.sys
22:08:03.0214 6664 TEAM - ok
22:08:03.0248 6664 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
22:08:03.0278 6664 TeamViewer8 - ok
22:08:03.0281 6664 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:08:03.0282 6664 TermDD - ok
22:08:03.0288 6664 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
22:08:03.0293 6664 TermService - ok
22:08:03.0296 6664 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
22:08:03.0297 6664 Themes - ok
22:08:03.0299 6664 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
22:08:03.0300 6664 THREADORDER - ok
22:08:03.0303 6664 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
22:08:03.0305 6664 TrkWks - ok
22:08:03.0308 6664 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:08:03.0309 6664 TrustedInstaller - ok
22:08:03.0312 6664 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:08:03.0312 6664 tssecsrv - ok
22:08:03.0315 6664 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:08:03.0316 6664 TsUsbFlt - ok
22:08:03.0319 6664 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:08:03.0320 6664 tunnel - ok
22:08:03.0322 6664 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:08:03.0323 6664 uagp35 - ok
22:08:03.0327 6664 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:08:03.0328 6664 udfs - ok
22:08:03.0332 6664 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:08:03.0334 6664 UI0Detect - ok
22:08:03.0336 6664 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:08:03.0337 6664 uliagpkx - ok
22:08:03.0340 6664 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
22:08:03.0340 6664 umbus - ok
22:08:03.0342 6664 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:08:03.0343 6664 UmPass - ok
22:08:03.0368 6664 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:08:03.0390 6664 UNS - ok
22:08:03.0395 6664 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
22:08:03.0398 6664 upnphost - ok
22:08:03.0401 6664 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
22:08:03.0402 6664 USBAAPL - ok
22:08:03.0404 6664 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:08:03.0406 6664 usbaudio - ok
22:08:03.0408 6664 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:08:03.0409 6664 usbccgp - ok
22:08:03.0412 6664 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:08:03.0413 6664 usbcir - ok
22:08:03.0415 6664 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:08:03.0416 6664 usbehci - ok
22:08:03.0420 6664 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:08:03.0422 6664 usbhub - ok
22:08:03.0424 6664 USBMULCD - ok
22:08:03.0426 6664 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:08:03.0426 6664 usbohci - ok
22:08:03.0429 6664 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:08:03.0429 6664 usbprint - ok
22:08:03.0432 6664 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:08:03.0432 6664 USBSTOR - ok
22:08:03.0434 6664 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:08:03.0435 6664 usbuhci - ok
22:08:03.0437 6664 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
22:08:03.0439 6664 UxSms - ok
22:08:03.0441 6664 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
22:08:03.0442 6664 VaultSvc - ok
22:08:03.0444 6664 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:08:03.0445 6664 vdrvroot - ok
22:08:03.0450 6664 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
22:08:03.0454 6664 vds - ok
22:08:03.0457 6664 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:08:03.0457 6664 vga - ok
22:08:03.0459 6664 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:08:03.0460 6664 VgaSave - ok
22:08:03.0463 6664 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:08:03.0464 6664 vhdmp - ok
22:08:03.0467 6664 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:08:03.0468 6664 viaagp - ok
22:08:03.0470 6664 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
22:08:03.0470 6664 ViaC7 - ok
22:08:03.0472 6664 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
22:08:03.0473 6664 viaide - ok
22:08:03.0475 6664 [ 62E01F439C73FCFCCA04F0E9D5255664 ] VLAN C:\Windows\system32\DRIVERS\RtVLAN60.sys
22:08:03.0475 6664 VLAN - ok
22:08:03.0477 6664 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:08:03.0478 6664 volmgr - ok
22:08:03.0483 6664 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:08:03.0485 6664 volmgrx - ok
22:08:03.0489 6664 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:08:03.0491 6664 volsnap - ok
22:08:03.0495 6664 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:08:03.0496 6664 vsmraid - ok
22:08:03.0507 6664 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
22:08:03.0512 6664 VSS - ok
22:08:03.0514 6664 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:08:03.0514 6664 vwifibus - ok
22:08:03.0519 6664 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
22:08:03.0522 6664 W32Time - ok
22:08:03.0525 6664 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:08:03.0525 6664 WacomPen - ok
22:08:03.0528 6664 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:08:03.0528 6664 WANARP - ok
22:08:03.0530 6664 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:08:03.0530 6664 Wanarpv6 - ok
22:08:03.0543 6664 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:08:03.0556 6664 WatAdminSvc - ok
22:08:03.0568 6664 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
22:08:03.0579 6664 wbengine - ok
22:08:03.0583 6664 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:08:03.0585 6664 WbioSrvc - ok
22:08:03.0589 6664 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:08:03.0593 6664 wcncsvc - ok
22:08:03.0595 6664 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:08:03.0597 6664 WcsPlugInService - ok
22:08:03.0599 6664 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:08:03.0599 6664 Wd - ok
22:08:03.0605 6664 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:08:03.0610 6664 Wdf01000 - ok
22:08:03.0612 6664 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:08:03.0614 6664 WdiServiceHost - ok
22:08:03.0616 6664 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:08:03.0617 6664 WdiSystemHost - ok
22:08:03.0621 6664 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
22:08:03.0624 6664 WebClient - ok
22:08:03.0628 6664 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:08:03.0630 6664 Wecsvc - ok
22:08:03.0633 6664 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:08:03.0635 6664 wercplsupport - ok
22:08:03.0637 6664 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
22:08:03.0639 6664 WerSvc - ok
22:08:03.0642 6664 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:08:03.0642 6664 WfpLwf - ok
22:08:03.0644 6664 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:08:03.0644 6664 WIMMount - ok
22:08:03.0652 6664 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:08:03.0658 6664 WinDefend - ok
22:08:03.0660 6664 WinHttpAutoProxySvc - ok
22:08:03.0667 6664 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:08:03.0669 6664 Winmgmt - ok
22:08:03.0680 6664 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
22:08:03.0690 6664 WinRM - ok
22:08:03.0696 6664 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:08:03.0696 6664 WinUsb - ok
22:08:03.0705 6664 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:08:03.0713 6664 Wlansvc - ok
22:08:03.0731 6664 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:08:03.0745 6664 wlidsvc - ok
22:08:03.0748 6664 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:08:03.0748 6664 WmiAcpi - ok
22:08:03.0752 6664 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:08:03.0754 6664 wmiApSrv - ok
22:08:03.0765 6664 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:08:03.0769 6664 WMPNetworkSvc - ok
22:08:03.0771 6664 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:08:03.0773 6664 WPCSvc - ok
22:08:03.0776 6664 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:08:03.0778 6664 WPDBusEnum - ok
22:08:03.0780 6664 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:08:03.0780 6664 ws2ifsl - ok
22:08:03.0783 6664 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
22:08:03.0785 6664 wscsvc - ok
22:08:03.0786 6664 WSearch - ok
22:08:03.0805 6664 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
22:08:03.0822 6664 wuauserv - ok
22:08:03.0825 6664 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:08:03.0825 6664 WudfPf - ok
22:08:03.0830 6664 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:08:03.0831 6664 WUDFRd - ok
22:08:03.0834 6664 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:08:03.0836 6664 wudfsvc - ok
22:08:03.0840 6664 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:08:03.0843 6664 WwanSvc - ok
22:08:03.0847 6664 XDva392 - ok
22:08:03.0850 6664 ================ Scan global ===============================
22:08:03.0852 6664 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:08:03.0855 6664 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:08:03.0860 6664 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:08:03.0864 6664 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:08:03.0868 6664 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:08:03.0871 6664 [Global] - ok
22:08:03.0871 6664 ================ Scan MBR ==================================
22:08:03.0873 6664 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:08:03.0935 6664 \Device\Harddisk0\DR0 - ok
22:08:03.0936 6664 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:08:03.0940 6664 \Device\Harddisk1\DR1 - ok
22:08:03.0941 6664 ================ Scan VBR ==================================
22:08:03.0942 6664 [ 089ADDB0BEF68123CF80041978270CD5 ] \Device\Harddisk0\DR0\Partition1
22:08:03.0943 6664 \Device\Harddisk0\DR0\Partition1 - ok
22:08:03.0944 6664 [ 03DABFEE8C3D900EE7496C55BA28FDDA ] \Device\Harddisk0\DR0\Partition2
22:08:03.0945 6664 \Device\Harddisk0\DR0\Partition2 - ok
22:08:03.0946 6664 [ 043EB10EA9F8D1F7909D0CCBC975A69A ] \Device\Harddisk1\DR1\Partition1
22:08:03.0947 6664 \Device\Harddisk1\DR1\Partition1 - ok
22:08:03.0947 6664 ============================================================
22:08:03.0947 6664 Scan finished
22:08:03.0947 6664 ============================================================
22:08:03.0952 6632 Detected object count: 0
22:08:03.0952 6632 Actual detected object count: 0
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-14 21:01:38
-----------------------------
21:01:38.430 OS Version: Windows 6.1.7601 Service Pack 1
21:01:38.431 Number of processors: 8 586 0x2A07
21:01:38.433 ComputerName: JEEZY1 UserName: JEEZY
21:02:03.561 Initialize success
21:10:51.703 AVAST engine defs: 13031401
22:03:57.700 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7
22:03:57.701 Disk 0 Vendor: KINGSTON_SVP100S264G CJRA0202 Size: 61057MB BusType: 3
22:03:57.702 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-8
22:03:57.704 Disk 1 Vendor: WDC_WD15EARS-19MVWB0 51.0AB51 Size: 1430799MB BusType: 3
22:03:57.706 Disk 0 MBR read successfully
22:03:57.707 Disk 0 MBR scan
22:03:57.710 Disk 0 Windows 7 default MBR code
22:03:57.712 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:03:57.716 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
22:03:57.720 Disk 0 scanning sectors +125042688
22:03:57.726 Disk 0 scanning C:\Windows\system32\drivers
22:04:00.310 Service scanning
22:04:02.732 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:04:02.746 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
22:04:02.781 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:04:02.794 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:04:06.914 Modules scanning
22:04:08.703 Disk 0 trace - called modules:
22:04:08.709 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
22:04:08.713 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86877030]
22:04:08.716 3 CLASSPNP.SYS[8e57959e] -> nt!IofCallDriver -> [0x862e8328]
22:04:08.719 5 ACPI.sys[8d6283d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-7[0x8637d030]
22:04:08.923 AVAST engine scan C:\Windows
22:04:09.318 AVAST engine scan C:\Windows\system32
22:05:01.466 AVAST engine scan C:\Windows\system32\drivers
22:05:04.920 AVAST engine scan C:\Users\JEEZY
22:07:41.817 Disk 0 MBR has been saved successfully to "C:\Users\JEEZY\Desktop\MBR.dat"
22:07:41.818 The log file has been saved successfully to "C:\Users\JEEZY\Desktop\aswMBR.txt"
14.03.2013, 22:56 | #8 |
/// TB-Ausbilder | Hi, continue with this:
Step 1
Please download AdwCleaner and save it to your desktop.
Step 2
Warning for anyone reading along: Combofix should only be run when a team member has explicitly instructed you to do so! Please download Combofix.
Note: If you get the following error message after the restart Quote:
Step 3
Please start OTL.exe.
Please post in your next reply:
__________________
cheers, Leo |
15.03.2013, 14:08 | #9 |
| AdwCleaner
Code:
# AdwCleaner v2.114 - Datei am 15/03/2013 um 13:49:17 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : JEEZY - JEEZY1
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\JEEZY\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\searchplugins\babylon1.xml
Datei Gelöscht : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\searchplugins\icqplugin-1.xml
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\JEEZY\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\JEEZY\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\JEEZY\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gelöscht : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\extensions\firejump@firejump.net

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\5d538bdeb43dee43
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\5d538bdeb43dee43
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [firejump@firejump.net]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=114026&tt=0113_6&babsrc=HP_ss&mntrId=6ee7012200000000000000ff5ef94524 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\prefs.js

C:\Users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_v[...]
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", "6");
Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dpkLst", "");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "C28CDA6402C30E77190DB37385B548D2");
Gelöscht : user_pref("extensions.BabylonToolbar.id", "6ee7012200000000000000ff5ef94524");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15709");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.7.21:01:29");
Gelöscht : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"59\",\"lastVrsn\":\"59\",\"vrsnLoad\[...]
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.sg", "czb");
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114026&tt=0113_6");
Gelöscht : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.21:01:30");
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.facebookSmilesAddonShowedPopup", true);
Gelöscht : user_pref("icqtoolbar.firstTbRun", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1361607618);
Gelöscht : user_pref("icqtoolbar.history", "horkruks||asg||0%3A1%3A29454366||Cam'Ron%20-%20Get%20'Em%20Girls||h[...]
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1343363667");
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "7.0.1");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "132052132013205213201320521531323");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1361558949);
Gelöscht : user_pref("icqtoolbar.userHpApproved", true);
Gelöscht : user_pref("icqtoolbar.version", "1.5.3");
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Chromium v directory_upgrade: true }

Datei : C:\Users\JEEZY\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.14.1738.0

Datei : C:\Users\JEEZY\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8757 octets] - [15/03/2013 13:49:17]

########## EOF - C:\AdwCleaner[S1].txt - [8817 octets] ##########

OTL
OTL Logfile:
Code:
OTL logfile created on: 15.03.2013 13:55:41 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JEEZY\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,49 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 60,93% Memory free
6,98 Gb Paging File | 5,52 Gb Available in Paging File | 79,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,53 Gb Total Space | 10,03 Gb Free Space | 16,85% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1273,62 Gb Free Space | 91,15% Space Free | Partition Type: NTFS

Computer Name: JEEZY1 | User Name: JEEZY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.13 18:40:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JEEZY\Desktop\OTL.exe
PRC - [2013.03.09 15:33:09 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2013.03.08 18:47:49 | 000,917,400 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.02.23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.02.23 02:33:26 | 000,389,928 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2013.02.23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2013.02.21 19:48:23 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012.12.17 11:39:02 | 000,615,440 | ---- | M] () -- D:\Program Files\EslWire\service\WireHelperSvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.09.05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- D:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.20 13:29:22 | 000,101,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

========== Modules (No Company Name) ==========

MOD - [2013.03.09 15:33:08 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013.03.08 18:47:49 | 003,069,848 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- D:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- D:\Program Files\ROCCAT\Kone[+] Mouse\hiddriver.dll

========== Services (SafeList) ==========

SRV - [2013.03.09 15:33:09 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.02.23 02:33:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.02.23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.02.22 02:54:48 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013.02.16 01:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.17 11:39:02 | 000,615,440 | ---- | M] () [Auto | Running] -- D:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.03.09 18:06:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.09.05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.08.07 22:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.02 15:28:56 | 000,361,216 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe -- (AVP) SRV - [2010.12.20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM106.sys -- (USBMULCD) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2013.02.22 02:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6) DRV - [2013.02.22 02:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6) DRV - [2012.12.17 11:38:54 | 000,867,344 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.04.08 02:51:30 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) DRV - [2012.04.06 19:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2011.11.06 03:06:37 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011.08.03 09:58:14 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESLvnic.sys -- (ESLvnic1) DRV - [2011.06.02 10:32:50 | 000,317,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci) DRV - [2011.06.02 10:32:50 | 000,101,352 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3) DRV - [2011.03.03 16:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand 
| Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) DRV - [2010.07.01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2010.01.14 21:27:02 | 000,025,376 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (VLAN) DRV - [2010.01.14 21:27:02 | 000,025,376 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) DRV - [2010.01.14 21:26:46 | 000,040,736 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) DRV - [2010.01.14 21:26:46 | 000,040,736 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) DRV - [2010.01.14 21:26:34 | 000,033,056 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60) DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- 
(klmouflt) DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 36 37 4F F0 9B CC 01 [binary data] IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKU\S-1-5-21-1221864313-813813898-1403309165-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1221864313-813813898-1403309165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4 FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:0.7.1.1 FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.03.08 18:47:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.03.08 18:47:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.11.05 20:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Extensions [2013.03.15 13:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions [2013.03.06 18:05:33 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions\ich@maltegoetz.de [2013.02.23 09:37:18 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Users\JEEZY\AppData\Roaming\mozilla\Firefox\Profiles\m5697o37.default\extensions\toolbar@web.de [2012.11.02 14:56:01 | 000,077,464 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\ciuvo-extension@billiger.de.xpi [2012.08.26 18:58:28 | 000,101,863 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\ciuvo-extension@icq.de.xpi [2012.12.30 19:54:44 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2013.02.20 16:59:09 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\JEEZY\AppData\Roaming\mozilla\firefox\profiles\m5697o37.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi ========== Chrome 
========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Google Docs = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\JEEZY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.10.06 08:09:09 | 000,001,297 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.info # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry) O4 - HKLM..\Run: [RoccatKone+] D:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH) O4 - HKLM..\Run: [speedvid] C:\Programme\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe (SpeedVID Accelerator) O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-1221864313-813813898-1403309165-1000..\Run: [Facebook Update] C:\Users\JEEZY\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-1221864313-813813898-1403309165-1000..\Run: [ICQ] D:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.) 
O4 - HKU\S-1-5-21-1221864313-813813898-1403309165-1000..\Run: [Irsacu] C:\Users\JEEZY\AppData\Roaming\Doelna\zaesw.exe File not found O4 - HKU\S-1-5-21-1221864313-813813898-1403309165-1000..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JEEZY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EF94524-B58F-4D8C-AEA3-40728AEDA34B}: DhcpNameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7072BE6F-DBB1-44D3-B0BB-C77C59CD5E1D}: DhcpNameServer = 
192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\kloehk.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.15 13:52:05 | 002,417,863 | ---- | C] (Swearware) -- C:\Users\JEEZY\Desktop\ComboFix.exe [2013.03.15 13:41:52 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{98C7E03C-DDC9-4CFD-9D91-2735BD785193} [2013.03.15 06:34:48 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{C4F6228A-EA4A-4E3E-8D64-81B83E9CAF36} [2013.03.14 22:04:21 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JEEZY\Desktop\tdsskiller.exe [2013.03.14 20:57:16 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\JEEZY\Desktop\aswMBR.exe [2013.03.14 16:57:32 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{A7BB5671-C546-4027-8C28-F39537B0CC00} [2013.03.14 03:18:05 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{0950DA9E-A647-4C58-8CDB-33DE61F13E70} [2013.03.13 18:40:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JEEZY\Desktop\OTL.exe [2013.03.13 18:33:54 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Roaming\Malwarebytes [2013.03.13 18:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.13 18:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.13 18:33:33 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.13 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Roaming\Hotspot Shield 
[2013.03.13 06:20:17 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{848EEA9D-93E2-43B9-9066-7E75167CACD3}
[2013.03.12 16:58:51 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{32E2F4BE-C239-4610-90D5-DB1C2B5192F5}
[2013.03.11 17:42:28 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{B6D04BA0-AFD9-49C5-BF6C-1027C06748DC}
[2013.03.10 18:20:29 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{282767F1-8AD9-4C73-8EBB-2D15A43576FF}
[2013.03.10 04:52:03 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{5479D843-A6C6-499F-B831-8439DC0343F0}
[2013.03.09 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\Documents\ManiaPlanet
[2013.03.09 17:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet
[2013.03.09 16:24:21 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\Macromedia
[2013.03.09 15:32:34 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\Documents\My Games
[2013.03.09 08:58:48 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{13270695-25BD-405A-8774-D38B516E5E83}
[2013.03.08 18:45:49 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{59F27150-C4D8-4104-AA02-4031C255E7E1}
[2013.03.08 06:45:26 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{D6844212-8BAC-4CC2-9735-62A8FBCC5ADB}
[2013.03.07 15:41:37 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{08EDF804-C6F4-4E91-B1B7-FEB2A8868967}
[2013.03.06 17:57:59 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{BE657D5D-9BF8-48B4-8EDF-F2EA353F52E6}
[2013.03.05 16:59:21 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{62AC2EA0-53FD-4737-A63A-2D3CBC2D942C}
[2013.03.04 12:36:33 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN
[2013.03.04 12:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\PrivitizeVPN
[2013.03.04 07:37:00 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{EF5457BC-169F-4FBC-BC84-B55AF0D3121C}
[2013.03.03 08:24:48 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{F619A86A-58C1-4349-BB29-2E1279B144AC}
[2013.03.02 18:56:13 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\Desktop\xyyy
[2013.03.02 08:28:39 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{088675A9-A353-4668-9545-4C9F27DDA4DE}
[2013.03.01 08:35:24 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{B7476F08-1590-4474-88D9-6B982928F6E2}
[2013.02.28 19:41:13 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{42A4BC10-74EB-45B6-94AE-7C2F6A1C732E}
[2013.02.27 18:40:43 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{34A76B59-87F8-4BFB-B7F4-A8488C42C72E}
[2013.02.27 06:40:19 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{E4C6DE94-3463-445E-954C-08ACC884A93D}
[2013.02.26 07:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.26 07:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.26 07:54:05 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{038F85B3-0437-4E06-A222-A427311832A9}
[2013.02.25 06:50:39 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{91906DC9-2545-42C0-B135-DB8C6D331F1D}
[2013.02.24 08:10:29 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{91FC1C01-7701-4E05-B87C-DD532124857E}
[2013.02.23 09:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.23 09:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.02.23 09:17:38 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{F851713B-47CA-4933-8BAC-BC98712AC615}
[2013.02.22 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{D49FBA95-891A-425D-8B57-63AC5E26B008}
[2013.02.22 02:50:36 | 000,037,064 | ---- | C] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys
[2013.02.22 02:37:16 | 000,040,136 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2013.02.21 19:38:40 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{343FEAC0-1A8E-41B8-BE61-363F91E05904}
[2013.02.20 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{FA038185-FBE0-49E2-9F3D-FA589DDA95D3}
[2013.02.19 16:57:59 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{6A946F5A-10A0-4379-B8F1-1F78BA520192}
[2013.02.18 18:39:02 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{DAA566C7-8CFD-4C08-B3BE-CBC73A0856BB}
[2013.02.17 16:57:12 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{3E84B599-8ABD-45BA-AB21-FCC2C4A37270}
[2013.02.16 08:36:12 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{324900D5-BD35-480C-B97B-89D6B0664098}
[2013.02.15 08:35:33 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{A40328DD-F743-4E8B-AE67-1EB46DEAB0E3}
[2013.02.14 09:09:16 | 000,000,000 | ---D | C] -- C:\Users\JEEZY\AppData\Local\{4A30E1E7-47CC-4690-84D7-725D630FA3B6}

========== Files - Modified Within 30 Days ==========

[2013.03.15 13:56:16 | 008,010,930 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.15 13:56:16 | 002,766,072 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.15 13:56:16 | 002,414,658 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.15 13:56:16 | 002,159,300 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.15 13:53:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.15 13:52:15 | 002,417,863 | ---- | M] (Swearware) -- C:\Users\JEEZY\Desktop\ComboFix.exe
[2013.03.15 13:50:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.15 13:50:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.15 13:50:14 | 2810,097,664 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.15 13:48:41 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 13:48:41 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.14 22:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.14 22:07:41 | 000,000,512 | ---- | M] () -- C:\Users\JEEZY\Desktop\MBR.dat
[2013.03.14 22:04:24 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JEEZY\Desktop\tdsskiller.exe
[2013.03.14 20:58:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\JEEZY\Desktop\aswMBR.exe
[2013.03.14 19:36:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1221864313-813813898-1403309165-1000UA.job
[2013.03.13 22:54:07 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.13 18:44:51 | 000,377,856 | ---- | M] () -- C:\Users\JEEZY\Desktop\gmer_2.1.19155.exe
[2013.03.13 18:40:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JEEZY\Desktop\OTL.exe
[2013.03.13 18:33:34 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.11 20:35:38 | 000,082,828 | ---- | M] () -- C:\Users\JEEZY\Desktop\258612_10200208895244234_1837282503_o.jpg
[2013.03.09 16:52:12 | 000,000,216 | ---- | M] () -- C:\Users\JEEZY\Desktop\TrackMania Stadium Open Beta.url
[2013.03.09 16:36:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1221864313-813813898-1403309165-1000Core.job
[2013.03.09 10:38:29 | 000,001,278 | ---- | M] () -- C:\Users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.03.04 11:28:18 | 000,019,985 | ---- | M] () -- C:\Users\JEEZY\Desktop\581040_606049756076002_496179024_n.jpg
[2013.03.03 10:44:43 | 000,362,063 | ---- | M] () -- C:\Users\JEEZY\Desktop\322763_3035941936707_1353384534_o.jpg
[2013.03.03 10:27:32 | 000,076,290 | ---- | M] () -- C:\Users\JEEZY\Desktop\theaestheticscrewlogo1.jpg
[2013.02.26 16:34:22 | 000,013,359 | ---- | M] () -- C:\Users\JEEZY\Desktop\coco chanel logo.jpg
[2013.02.26 16:32:03 | 000,004,304 | ---- | M] () -- C:\Users\JEEZY\Desktop\bvlgari_logo.jpg
[2013.02.26 16:22:41 | 000,007,573 | ---- | M] () -- C:\Users\JEEZY\Desktop\Louis-Vuitton-logo.jpg
[2013.02.26 16:19:13 | 000,007,185 | ---- | M] () -- C:\Users\JEEZY\Desktop\Yves-Saint-Laurent-Logo.jpeg
[2013.02.26 16:15:23 | 000,014,462 | ---- | M] () -- C:\Users\JEEZY\Desktop\46550_473544462676915_1975152977_n.jpg
[2013.02.23 09:37:02 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.22 02:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys
[2013.02.22 02:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2013.02.14 17:53:45 | 029,241,680 | ---- | M] () -- C:\Users\JEEZY\ts3_recording_13_02_14_17_51_12.wav
[2013.02.14 16:53:48 | 008,559,440 | ---- | M] () -- C:\Users\JEEZY\one direction what makes you beautiful.wav
[2013.02.13 15:35:38 | 000,269,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.03.14 22:07:41 | 000,000,512 | ---- | C] () -- C:\Users\JEEZY\Desktop\MBR.dat
[2013.03.13 18:44:50 | 000,377,856 | ---- | C] () -- C:\Users\JEEZY\Desktop\gmer_2.1.19155.exe
[2013.03.13 18:33:34 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.11 20:35:38 | 000,082,828 | ---- | C] () -- C:\Users\JEEZY\Desktop\258612_10200208895244234_1837282503_o.jpg
[2013.03.09 16:52:12 | 000,000,216 | ---- | C] () -- C:\Users\JEEZY\Desktop\TrackMania Stadium Open Beta.url
[2013.03.09 15:33:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.04 11:28:16 | 000,019,985 | ---- | C] () -- C:\Users\JEEZY\Desktop\581040_606049756076002_496179024_n.jpg
[2013.03.03 10:44:43 | 000,362,063 | ---- | C] () -- C:\Users\JEEZY\Desktop\322763_3035941936707_1353384534_o.jpg
[2013.03.03 10:27:31 | 000,076,290 | ---- | C] () -- C:\Users\JEEZY\Desktop\theaestheticscrewlogo1.jpg
[2013.02.26 16:34:21 | 000,013,359 | ---- | C] () -- C:\Users\JEEZY\Desktop\coco chanel logo.jpg
[2013.02.26 16:32:02 | 000,004,304 | ---- | C] () -- C:\Users\JEEZY\Desktop\bvlgari_logo.jpg
[2013.02.26 16:22:40 | 000,007,573 | ---- | C] () -- C:\Users\JEEZY\Desktop\Louis-Vuitton-logo.jpg
[2013.02.26 16:19:13 | 000,007,185 | ---- | C] () -- C:\Users\JEEZY\Desktop\Yves-Saint-Laurent-Logo.jpeg
[2013.02.26 16:15:21 | 000,014,462 | ---- | C] () -- C:\Users\JEEZY\Desktop\46550_473544462676915_1975152977_n.jpg
[2013.02.23 09:37:02 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.23 09:37:02 | 000,000,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.14 17:51:13 | 029,241,680 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_13_02_14_17_51_12.wav
[2013.02.14 16:53:02 | 008,559,440 | ---- | C] () -- C:\Users\JEEZY\one direction what makes you beautiful.wav
[2012.11.25 13:55:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.11.18 03:01:11 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.10.12 14:24:53 | 000,944,720 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_10_12_15_24_50.wav
[2012.10.11 19:31:18 | 079,175,120 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_10_11_20_31_10.wav
[2012.08.15 20:48:17 | 038,559,440 | ---- | C] () -- C:\Users\JEEZY\meilenstein nilson.wav
[2012.07.13 21:40:35 | 117,982,160 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_07_13_22_40_33.wav
[2012.07.10 19:26:29 | 000,005,120 | ---- | C] () -- C:\Users\JEEZY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.01 17:47:15 | 006,754,640 | ---- | C] () -- C:\Users\JEEZY\LORUS.wav
[2012.06.21 22:12:40 | 013,499,600 | ---- | C] () -- C:\Users\JEEZY\snt.wav
[2012.04.24 16:04:48 | 000,716,240 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_24_17_4_47.wav
[2012.04.13 17:29:25 | 000,612,560 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_13_18_29_23.wav
[2012.04.12 22:16:55 | 001,036,880 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_12_23_16_54.wav
[2012.04.09 20:03:07 | 023,005,520 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_04_09_21_3_5.wav
[2012.03.11 16:38:16 | 044,995,280 | ---- | C] () -- C:\Users\JEEZY\singen.wav
[2012.02.20 19:59:46 | 001,772,240 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_02_20_19_59_44.wav
[2012.02.16 21:56:54 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.02.12 19:03:50 | 023,913,680 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_12_02_12_19_3_48.wav
[2011.12.30 04:46:42 | 053,118,764 | ---- | C] () -- C:\Users\JEEZY\ts3_recording_11_12_30_4_46_40.wav
[2011.12.14 19:39:22 | 000,141,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.12.14 19:39:22 | 000,138,056 | ---- | C] () -- C:\Users\JEEZY\AppData\Roaming\PnkBstrK.sys
[2011.12.14 19:38:56 | 000,281,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.12.14 19:38:55 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.12.10 17:12:41 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.07 18:01:44 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.11.06 21:08:31 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.11.06 03:06:54 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.11.06 03:06:54 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.11.05 20:54:30 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.11.05 20:24:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011.11.05 20:21:21 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.11.05 20:20:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.05 20:20:15 | 000,028,578 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.08.14 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Alxase
[2011.11.05 20:29:56 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\DAEMON Tools Pro
[2012.08.14 22:13:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Doelna
[2013.03.15 13:50:36 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Dropbox
[2012.11.09 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\FileZilla
[2012.07.20 14:18:26 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\fltk.org
[2013.03.14 22:18:50 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\HLSW
[2013.03.13 18:06:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Hotspot Shield
[2013.03.14 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\ICQ
[2012.02.20 22:53:20 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\java
[2012.02.18 23:08:21 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\LolClient
[2012.08.14 22:35:32 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Matii
[2012.12.15 23:36:19 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Opera
[2012.08.12 16:53:07 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Publish Providers
[2012.02.09 16:18:16 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Screaming Bee
[2012.08.12 16:53:03 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Sony
[2012.07.27 13:24:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\SplitMediaLabs
[2012.02.20 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\TeamViewer
[2012.02.12 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Teeworlds
[2013.03.13 18:46:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\TS3Client
[2011.11.06 02:40:07 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\ts3overlay

========== Purity Check ==========

< End of report >

With ComboFix I get the following message: Quote:
|
15.03.2013, 18:25 | #10 | |
/// TB-Ausbilder | Music in the background when the browser is open WIN7 Hi, Quote:
__________________ cheers, Leo |
15.03.2013, 22:32 | #11 |
| Music in the background when the browser is open WIN7 Ah, now it worked. ComboFix
Code:
ComboFix 13-03-15.01 - JEEZY 15.03.2013 22:23:10.1.8 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3573.2035 [GMT 1:00]
ausgeführt von:: c:\users\JEEZY\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DEBUG.log
c:\windows\system32\ijl11.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-15 bis 2013-03-15 ))))))))))))))))))))))))))))))
.
.
2013-03-15 21:28 . 2013-03-15 21:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-15 21:28 . 2013-03-15 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-15 12:45 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1714059-2584-43DB-BCD1-0B4C26AEE4FA}\mpengine.dll
2013-03-14 05:07 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-13 17:33 . 2013-03-13 17:33 -------- d-----w- c:\users\JEEZY\AppData\Roaming\Malwarebytes
2013-03-13 17:33 . 2013-03-13 17:33 -------- d-----w- c:\programdata\Malwarebytes
2013-03-13 17:33 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 17:06 . 2013-03-13 17:06 -------- d-----w- c:\users\JEEZY\AppData\Roaming\Hotspot Shield
2013-03-09 16:40 . 2013-03-12 17:39 -------- d-----w- c:\programdata\ManiaPlanet
2013-03-09 16:40 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-03-09 16:40 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-03-09 15:24 . 2013-03-09 15:24 -------- d-----w- c:\users\JEEZY\AppData\Local\Macromedia
2013-03-09 14:33 . 2013-03-09 14:33 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-09 14:32 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-03-09 14:32 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-03-09 14:32 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2013-03-09 14:32 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-03-09 14:32 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-03-09 14:32 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-03-04 11:36 . 2013-03-04 11:36 -------- d-----w- c:\program files\PrivitizeVPN
2013-02-26 06:54 . 2013-02-26 06:54 -------- d-----w- c:\program files\Common Files\Skype
2013-02-23 08:37 . 2013-02-23 08:37 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-02-22 01:50 . 2013-02-22 01:50 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-22 01:37 . 2013-02-22 01:37 40136 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-09 14:33 . 2011-11-05 19:43 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-13 20:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 20:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2011-11-05 19:38 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-13 09:22 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 09:22 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 09:22 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 09:23 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 09:22 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 09:22 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-12-17 10:38 . 2011-11-06 20:08 867344 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2012-12-16 14:13 . 2012-12-21 18:35 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:35 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-07-03 14:40 . 2011-11-06 20:08 265120 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\JEEZY\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\JEEZY\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\JEEZY\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="d:\program files\ICQ7.6\ICQ.exe" [2011-11-05 127040]
"Facebook Update"="c:\users\JEEZY\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-08 138096]
"Steam"="d:\program files\Steam\steam.exe" [2013-02-25 1602984]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-28 10127976]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\avp.exe" [2011-03-02 361216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"speedvid"="c:\program files\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe" [2012-10-15 6020096]
"PrivitizeVPN"="c:\program files\PrivitizeVPN\PrivitizeVPN.exe" [2013-03-04 196784]
.
c:\users\JEEZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\JEEZY\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
Facebook Messenger.lnk - c:\users\JEEZY\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 EslWireHelper;ESL Wire Helper Service;d:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 21:53 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-09 14:33]
.
2013-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1221864313-813813898-1403309165-1000Core.job
- c:\users\JEEZY\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-08 14:31]
.
2013-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1221864313-813813898-1403309165-1000UA.job
- c:\users\JEEZY\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-08 14:31]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-20 15:43]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-20 15:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - d:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-02-23 09:37; toolbar@web.de; c:\users\JEEZY\AppData\Roaming\Mozilla\Firefox\Profiles\m5697o37.default\extensions\toolbar@web.de
FF - ExtSQL: 2013-03-12 20:11; afurladvisor@anchorfree.com; d:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Irsacu - c:\users\JEEZY\AppData\Roaming\Doelna\zaesw.exe
AddRemove-PunkBusterSvc - d:\program files\STEAM\STEAMAPPS\COMMON\APB RELOADED\Binaries\pbsvc_apb.exe
AddRemove-True - ROCCAT 1.1.0 - d:\program files\Steam\skins\True - ROCCAT 1.1.0\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1221864313-813813898-1403309165-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1221864313-813813898-1403309165-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-15 22:29:26
ComboFix-quarantined-files.txt 2013-03-15 21:29
.
Vor Suchlauf: 8 Verzeichnis(se), 12.396.101.632 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 19.008.331.776 Bytes frei
.
- - End Of File - - 22BB61F6DF52976D515BBD221B188474 |
15.03.2013, 23:00 | #12 |
/// TB-Ausbilder | Music in the background when the browser is open WIN7 Hi, does the problem with the unwanted background sound in the browser still exist?
__________________ cheers, Leo |
16.03.2013, 07:06 | #13 |
| Music in the background when the browser is open WIN7 Good morning, so far no more annoying advertising has appeared in the background :-) Thank you very much!!! What exactly were you dealing with? Can I use my computer again without concern? Many thanks again :-))) Regards, txea |
16.03.2013, 14:32 | #14 |
/// TB-Ausbilder | Music in the background when the browser is open WIN7 Hi, we are not done yet! Step 1
Code:
:OTL
[2012.08.14 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Alxase
[2012.08.14 22:13:08 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Doelna
[2012.08.14 22:35:32 | 000,000,000 | ---D | M] -- C:\Users\JEEZY\AppData\Roaming\Matii
:commands
[emptytemp]
Step 2
Step 3 Download the ESET Online Scanner setup and save it to the desktop.
Step 4 Please download SecurityCheck (Link 2).
Please post in your next reply:
__________________ cheers, Leo |
16.03.2013, 20:10 | #15 |
| Music in the background when the browser is open WIN7 OTL
Code:
All processes killed
========== OTL ==========
C:\Users\JEEZY\AppData\Roaming\Alxase folder moved successfully.
C:\Users\JEEZY\AppData\Roaming\Doelna folder moved successfully.
C:\Users\JEEZY\AppData\Roaming\Matii folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JEEZY
->Temp folder emptied: 11209302 bytes
->Temporary Internet Files folder emptied: 511437218 bytes
->Java cache emptied: 13324598 bytes
->FireFox cache emptied: 344639001 bytes
->Google Chrome cache emptied: 13922496 bytes
->Opera cache emptied: 15354661 bytes
->Flash cache emptied: 60136 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 868,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03162013_183617

Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
JEEZY :: JEEZY1 [Administrator]

Schutz: Aktiviert

16.03.2013 18:43:04
mbam-log-2013-03-16 (18-43-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228833
Laufzeit: 1 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Java 7 Update 17
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (19.0)
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.172
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
windows defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|