Plagegeister aller Art und deren Bekämpfung: Caught the MyStart Incredibar virus. Windows 7
17.09.2012, 10:46 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart Incredibar virus. Please create a new OTL log again as described above and post it in CODE tags.
__________________ Please always post log files in CODE tags |
17.09.2012, 13:20 | #17 |
| Caught the MyStart Incredibar virus. Oh, okay.
Here is the new log. Code:
ATTFilter OTL logfile created on: 9/17/2012 1:38:23 PM - Run 2 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\P-Lady\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.97 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.31% Memory free 5.93 Gb Paging File | 4.93 Gb Available in Paging File | 83.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 178.28 Gb Total Space | 125.09 Gb Free Space | 70.16% Space Free | Partition Type: NTFS Drive D: | 104.71 Gb Total Space | 24.38 Gb Free Space | 23.29% Space Free | Partition Type: NTFS Computer Name: P-LADY-PC | User Name: P-Lady | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/09/16 16:12:37 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\P-Lady\Downloads\OTL.exe PRC - [2012/08/17 11:59:02 | 001,193,176 | ---- | M] () -- C:\Users\P-Lady\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/08/04 06:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE PRC - [2009/09/08 
01:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/09/07 12:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/08/23 06:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/08/19 10:53:30 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009/08/19 10:52:28 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2009/08/06 09:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2008/01/16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== MOD - [2012/08/17 11:59:02 | 001,193,176 | ---- | M] () -- C:\Users\P-Lady\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll MOD - [2009/08/18 16:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== 
SRV - [2012/08/15 16:51:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/08/04 06:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008/01/16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/08/22 04:53:36 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\symtdiv.sys -- (SYMTDIv) DRV - [2011/08/22 04:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\symefa.sys -- (SymEFA) 
DRV - [2011/08/04 06:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\cchpx86.sys -- (ccHP) DRV - [2010/12/17 18:57:40 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110224.038\NAVEX15.SYS -- (NAVEX15) DRV - [2010/12/17 18:57:40 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110224.038\NAVENG.SYS -- (NAVENG) DRV - [2010/11/23 04:20:07 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110114.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2010/11/09 16:43:51 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010/11/09 02:50:30 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110224.001\IDSvix86.sys -- (IDSVix86) DRV - [2010/05/27 19:40:11 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010/04/29 07:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\ironx86.sys -- (SymIRON) DRV - [2010/04/22 04:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1109000.00C\srtsp.sys -- (SRTSP) DRV - [2010/04/22 04:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | 
Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\srtspx.sys -- (SRTSPX) DRV - [2010/02/24 13:16:40 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009/09/21 18:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/09/01 10:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/08/30 02:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\symds.sys -- (SymDS) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/06/29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009/06/29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009/04/09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - 
HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes\{58851BAF-E291-4E93-B767-829AE654E71A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:3.0.3 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: 
{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.9.0.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\P-Lady\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( ) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\P-Lady\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\P-Lady\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\P-Lady\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\P-Lady\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/07/26 13:25:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2012/09/17 12:22:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/28 11:21:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/28 11:21:33 | 000,000,000 | ---D | M] [2009/12/29 20:00:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\P-Lady\AppData\Roaming\mozilla\Extensions [2012/09/11 13:25:42 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions [2011/01/29 16:08:49 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/12/05 16:40:00 | 000,000,000 | ---D | M] (preisspion.de) -- C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\finder@meingutscheincode.de [2011/12/05 16:40:03 | 000,000,000 | ---D | M] (Personas) -- C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\personas@christopher.beard [2011/10/30 18:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010/12/19 19:20:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/11/29 17:25:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/10/30 18:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012/09/17 12:22:30 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN_2010_9_0_6 [2011/07/26 13:25:58 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN File not found (No name found) -- C:\USERS\P-LADY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKVA4DIH.DEFAULT\EXTENSIONS\{40C3CC16-7269-4B32-9531-17F2950FB06F} [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/07/28 13:24:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/07/28 13:24:36 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/07/28 13:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/07/28 13:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/07/28 13:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\P-Lady\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\P-Lady\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\P-Lady\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\P-Lady\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment 
Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\P-Lady\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Users\P-Lady\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Facebook Plugin (Enabled) 
= C:\Users\P-Lady\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\P-Lady\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\P-Lady\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\P-Lady\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: New tab for Chrome\u2122 = C:\Users\P-Lady\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\ CHR - Extension: Google Mail = C:\Users\P-Lady\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE (Logitech Inc.) O4 - HKU\S-1-5-21-771618654-3341757510-301361698-1001..\Run: [Facebook Update] C:\Users\P-Lady\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-771618654-3341757510-301361698-1001..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKU\S-1-5-21-771618654-3341757510-301361698-1001..\Run: [Spotify] C:\Users\P-Lady\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-771618654-3341757510-301361698-1001..\Run: [Spotify Web Helper] C:\Users\P-Lady\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\P-Lady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\P-Lady\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4306FF41-17B6-4FC8-AADD-264FF65383C5}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB235944-AA92-4870-A7D6-86A8A9E3B27B}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 83.169.184.33 83.169.184.97 O18 - Protocol\Handler\bw+0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb 
Technologies Inc. ) O18 - Protocol\Handler\bw+0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bw30s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw80 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bw80s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bwd0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bwi0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bwn0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bws0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bwx0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0 {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0s {be193c7f-c1e6-487f-9ee7-0a373770acd2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\offline-8876480 {BE193C7F-C1E6-487F-9EE7-0A373770ACD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a6c26080-5ea8-11e0-a470-002454219fa7}\Shell - "" = AutoRun O33 - MountPoints2\{a6c26080-5ea8-11e0-a470-002454219fa7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{db95b286-5d04-11e0-9f75-002454219fa7}\Shell - "" = AutoRun O33 - MountPoints2\{db95b286-5d04-11e0-9f75-002454219fa7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{db95b28f-5d04-11e0-9f75-002454219fa7}\Shell - "" = AutoRun O33 - MountPoints2\{db95b28f-5d04-11e0-9f75-002454219fa7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File 
not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe - (Logitech Inc.) MsConfig - StartUpReg: LDM - hkey= - key= - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech) MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: 
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: 
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows 
Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/09/16 21:57:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/09/13 23:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/09/13 23:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/09/04 22:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/09/03 10:34:32 | 000,000,000 | ---D | C] -- C:\Users\P-Lady\AppData\Roaming\Malwarebytes [2012/09/03 10:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/03 10:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/03 10:34:16 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/09/03 10:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/09/01 15:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Perion [1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/09/17 13:38:01 | 000,001,142 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job [2012/09/17 13:36:08 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/17 13:36:08 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/17 12:55:01 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job [2012/09/17 12:51:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job 
[2012/09/17 12:22:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/09/17 12:22:05 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys [2012/09/16 22:38:01 | 000,001,120 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job [2012/09/13 23:24:38 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/09/13 21:43:14 | 000,763,744 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/09/13 21:43:14 | 000,707,368 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/09/13 21:43:14 | 000,176,960 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/09/13 21:43:14 | 000,142,718 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/09/04 21:58:34 | 000,002,455 | ---- | M] () -- C:\Users\P-Lady\Desktop\Google Chrome.lnk [2012/09/04 10:54:00 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job [2012/09/03 10:34:27 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/09/03 10:34:27 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011/12/05 00:05:56 | 000,000,032 | ---- | C] () -- C:\Users\P-Lady\.simfy [2011/01/19 02:11:59 | 000,001,940 | ---- | C] () -- C:\Users\P-Lady\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/12/19 19:21:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/02/27 17:55:18 | 055,018,980 | ---- | C] () -- C:\Users\P-Lady\TASSC2D.rar [2009/12/01 18:40:06 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/12/01 12:52:49 | 000,007,605 | ---- | C] () -- C:\Users\P-Lady\AppData\Local\Resmon.ResmonCfg ========== LOP Check ========== [2010/01/10 19:04:07 | 000,000,000 | -HSD | M] -- C:\Users\P-Lady\AppData\Roaming\.# [2010/09/30 
15:27:08 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Amazon [2011/08/20 11:10:48 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Atxy [2011/01/14 17:55:52 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Audacity [2011/04/02 13:36:50 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Bytemobile [2011/01/29 16:08:48 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\DVDVideoSoftIEHelpers [2010/03/10 16:40:28 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Facebook [2011/02/10 01:27:35 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Go Go Gourmet [2011/11/06 18:02:15 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\IDS_COMPANY [2010/01/06 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\OpenOffice.org [2011/02/11 16:30:44 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\PlayFirst [2011/09/23 15:43:36 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Simfy [2012/09/17 13:36:56 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Spotify [2010/06/02 16:02:26 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\supertuxkart [2011/04/02 13:36:50 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Vodafone [2011/04/02 13:41:31 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Vodafone Mobile Connect [2011/08/19 18:23:26 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Zoco [2012/09/16 22:38:01 | 000,001,120 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job [2012/09/17 13:38:01 | 000,001,142 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job [2012/08/04 19:24:52 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. 
> < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/01/10 19:04:07 | 000,000,000 | -HSD | M] -- C:\Users\P-Lady\AppData\Roaming\.# [2011/09/23 15:43:14 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Adobe [2010/09/30 15:27:08 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Amazon [2012/04/06 20:43:42 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Apple Computer [2011/08/20 11:10:48 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Atxy [2011/01/14 17:55:52 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Audacity [2011/04/02 13:36:50 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Bytemobile [2010/02/02 18:53:21 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\DivX [2011/01/29 16:08:48 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\DVDVideoSoftIEHelpers [2010/03/10 16:40:28 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Facebook [2011/04/02 13:43:54 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\FLEXnet [2011/02/10 01:27:35 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Go Go Gourmet [2009/12/01 12:44:39 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Google [2009/12/01 11:57:20 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Identities [2011/11/06 18:02:15 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\IDS_COMPANY [2010/06/02 16:38:41 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Logitech [2009/12/01 14:33:23 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Macromedia [2012/09/03 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Malwarebytes [2009/09/22 23:54:35 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Media Center Programs [2012/08/06 00:15:52 | 000,000,000 | --SD | M] -- C:\Users\P-Lady\AppData\Roaming\Microsoft [2009/12/29 20:00:17 | 000,000,000 | ---D | M] -- 
C:\Users\P-Lady\AppData\Roaming\Mozilla
[2010/01/24 19:31:12 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Nero
[2010/01/06 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\OpenOffice.org
[2011/02/11 16:30:44 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\PlayFirst
[2011/09/23 15:43:36 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Simfy
[2012/09/05 10:32:57 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Skype
[2012/09/05 08:00:48 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\skypePM
[2012/09/17 13:36:56 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Spotify
[2010/06/02 16:02:26 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\supertuxkart
[2011/04/02 13:36:50 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Vodafone
[2011/04/02 13:41:31 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Vodafone Mobile Connect
[2010/02/27 18:05:56 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\WinRAR
[2011/08/19 18:23:26 | 000,000,000 | ---D | M] -- C:\Users\P-Lady\AppData\Roaming\Zoco
< %APPDATA%\*.exe /s >
[2010/03/10 16:40:30 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\P-Lady\AppData\Roaming\Facebook\uninstall.exe
[2011/12/05 00:01:59 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\P-Lady\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012/08/17 11:59:07 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\P-Lady\AppData\Roaming\Spotify\spotify.exe
[2012/08/17 11:59:07 | 000,114,904 | ---- | M] () -- C:\Users\P-Lady\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012/08/17 11:59:02 | 001,193,176 | ---- | M] () -- C:\Users\P-Lady\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\windows\system32\drivers\*.tmp files -> C:\windows\system32\drivers\*.tmp -> ]
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:5C5A503E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E1F04E8D
< End of report > |
17.09.2012, 14:48 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart Incredibar virus.
Code:
C:\Users\P-Lady\TASSC2D.rar
Do an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
FF - user.js - File not found
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:3.0.3
[2011/01/29 16:08:49 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/12/05 16:40:00 | 000,000,000 | ---D | M] (preisspion.de) -- C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\finder@meingutscheincode.de
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a6c26080-5ea8-11e0-a470-002454219fa7}\Shell - "" = AutoRun
O33 - MountPoints2\{a6c26080-5ea8-11e0-a470-002454219fa7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{db95b286-5d04-11e0-9f75-002454219fa7}\Shell - "" = AutoRun
O33 - MountPoints2\{db95b286-5d04-11e0-9f75-002454219fa7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{db95b28f-5d04-11e0-9f75-002454219fa7}\Shell - "" = AutoRun
O33 - MountPoints2\{db95b28f-5d04-11e0-9f75-002454219fa7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:5C5A503E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E1F04E8D
:Files
C:\Users\P-Lady\AppData\Local\{*
C:\Users\P-Lady\AppData\Roaming\.#
C:\Users\P-Lady\AppData\Roaming\Atxy
C:\install.exe
C:\Users\P-Lady\Downloads\SoftonicDownloader61311.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
17.09.2012, 15:06 | #19 |
| Caught the MyStart Incredibar virus. That is a music RAR file that I downloaded at some point. So, I ran an OTL fix, here is the result: (by the way, when I try to open a new tab, MyStart Incredibar still comes up)
Code:
All processes killed
========== OTL ==========
Prefs.js: finder@meingutscheincode.de:3.0.3 removed from extensions.enabledItems
C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\finder@meingutscheincode.de\chrome\skin folder moved successfully.
C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\finder@meingutscheincode.de\chrome\content\vendor folder moved successfully.
C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\finder@meingutscheincode.de\chrome\content\lib folder moved successfully.
C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\finder@meingutscheincode.de\chrome\content folder moved successfully.
C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\finder@meingutscheincode.de\chrome folder moved successfully.
C:\Users\P-Lady\AppData\Roaming\mozilla\Firefox\Profiles\qkva4dih.default\extensions\finder@meingutscheincode.de folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6c26080-5ea8-11e0-a470-002454219fa7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6c26080-5ea8-11e0-a470-002454219fa7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6c26080-5ea8-11e0-a470-002454219fa7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6c26080-5ea8-11e0-a470-002454219fa7}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db95b286-5d04-11e0-9f75-002454219fa7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db95b286-5d04-11e0-9f75-002454219fa7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db95b286-5d04-11e0-9f75-002454219fa7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db95b286-5d04-11e0-9f75-002454219fa7}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db95b28f-5d04-11e0-9f75-002454219fa7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db95b28f-5d04-11e0-9f75-002454219fa7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db95b28f-5d04-11e0-9f75-002454219fa7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db95b28f-5d04-11e0-9f75-002454219fa7}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
ADS C:\ProgramData\Temp:A42A9F39 deleted successfully.
ADS C:\ProgramData\Temp:5C5A503E deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
========== FILES ==========
C:\Users\P-Lady\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913} folder moved successfully.
C:\Users\P-Lady\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini moved successfully.
C:\Users\P-Lady\AppData\Roaming\.# folder moved successfully.
C:\Users\P-Lady\AppData\Roaming\Atxy folder moved successfully.
C:\install.exe moved successfully.
C:\Users\P-Lady\Downloads\SoftonicDownloader61311.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\P-Lady\Downloads\cmd.bat deleted successfully.
C:\Users\P-Lady\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: P-Lady
->Temp folder emptied: 1548999635 bytes
->Temporary Internet Files folder emptied: 198278396 bytes
->Java cache emptied: 1737011 bytes
->FireFox cache emptied: 57785129 bytes
->Google Chrome cache emptied: 440135211 bytes
->Flash cache emptied: 282386 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 211727723 bytes
RecycleBin emptied: 522194398 bytes
Total Files Cleaned = 2,843.00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.61.5 log created on 09172012_155633
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
17.09.2012, 19:35 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart Incredibar virus. Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!
Set the tool up as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
17.09.2012, 20:58 | #21 |
| Caught the MyStart Incredibar virus.
Code:
21:55:07.0320 2688 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:55:11.0503 2688 ============================================================
21:55:11.0503 2688 Current date / time: 2012/09/17 21:55:11.0502
21:55:11.0503 2688 SystemInfo:
21:55:11.0503 2688
21:55:11.0503 2688 OS Version: 6.1.7600 ServicePack: 0.0
21:55:11.0503 2688 Product type: Workstation
21:55:11.0503 2688 ComputerName: P-LADY-PC
21:55:11.0503 2688 UserName: P-Lady
21:55:11.0503 2688 Windows directory: C:\windows
21:55:11.0503 2688 System windows directory: C:\windows
21:55:11.0503 2688 Processor architecture: Intel x86
21:55:11.0503 2688 Number of processors: 2
21:55:11.0503 2688 Page size: 0x1000
21:55:11.0503 2688 Boot type: Normal boot
21:55:11.0503 2688 ============================================================
21:55:12.0180 2688 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:12.0183 2688 ============================================================
21:55:12.0183 2688 \Device\Harddisk0\DR0:
21:55:12.0183 2688 MBR partitions:
21:55:12.0183 2688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
21:55:12.0183 2688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x16491000
21:55:12.0183 2688 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x182C3800, BlocksNum 0xD16A800
21:55:12.0183 2688 ============================================================
21:55:12.0234 2688 C: <-> \Device\Harddisk0\DR0\Partition2
21:55:12.0305 2688 D: <-> \Device\Harddisk0\DR0\Partition3
21:55:12.0358 2688 ============================================================
21:55:12.0358 2688 Initialize success
21:55:12.0358 2688 ============================================================
21:55:39.0688 5728 ============================================================
21:55:39.0688 5728 Scan started
21:55:39.0688 5728 Mode: Manual; SigCheck; TDLFS;
21:55:39.0688 5728 ============================================================
21:55:40.0078 5728 ================ Scan system memory ========================
21:55:40.0078 5728 System memory - ok
21:55:40.0078 5728 ================ Scan services =============================
87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 21:55:49.0578 5728 flpydisk - ok 21:55:49.0594 5728 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 21:55:49.0625 5728 FltMgr - ok 21:55:49.0672 5728 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\windows\system32\FntCache.dll 21:55:49.0750 5728 FontCache - ok 21:55:49.0812 5728 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 21:55:49.0828 5728 FontCache3.0.0.0 - ok 21:55:49.0843 5728 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys 21:55:49.0875 5728 FsDepends - ok 21:55:49.0906 5728 [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys 21:55:49.0937 5728 fssfltr - ok 21:55:49.0999 5728 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 21:55:50.0031 5728 fsssvc - ok 21:55:50.0093 5728 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 21:55:50.0109 5728 Fs_Rec - ok 21:55:50.0155 5728 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 21:55:50.0187 5728 fvevol - ok 21:55:50.0233 5728 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 21:55:50.0265 5728 gagp30kx - ok 21:55:50.0327 5728 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 21:55:50.0343 5728 GEARAspiWDM - ok 21:55:50.0389 5728 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\windows\System32\gpsvc.dll 21:55:50.0452 5728 gpsvc - ok 21:55:50.0530 5728 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 21:55:50.0545 5728 gusvc - ok 21:55:50.0577 5728 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 21:55:50.0623 5728 hcw85cir - ok 21:55:50.0655 5728 [ 
3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 21:55:50.0701 5728 HdAudAddService - ok 21:55:50.0748 5728 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 21:55:50.0811 5728 HDAudBus - ok 21:55:50.0826 5728 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 21:55:50.0857 5728 HidBatt - ok 21:55:50.0873 5728 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 21:55:50.0920 5728 HidBth - ok 21:55:50.0951 5728 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys 21:55:50.0998 5728 HidIr - ok 21:55:51.0029 5728 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll 21:55:51.0091 5728 hidserv - ok 21:55:51.0138 5728 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 21:55:51.0169 5728 HidUsb - ok 21:55:51.0201 5728 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\windows\system32\kmsvc.dll 21:55:51.0294 5728 hkmsvc - ok 21:55:51.0341 5728 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\windows\system32\ListSvc.dll 21:55:51.0419 5728 HomeGroupListener - ok 21:55:51.0513 5728 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\windows\system32\provsvc.dll 21:55:51.0575 5728 HomeGroupProvider - ok 21:55:51.0622 5728 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys 21:55:51.0653 5728 HpSAMD - ok 21:55:51.0700 5728 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\windows\system32\drivers\HTTP.sys 21:55:51.0778 5728 HTTP - ok 21:55:51.0840 5728 [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard C:\windows\system32\DRIVERS\ewusbmdm.sys 21:55:51.0887 5728 hwdatacard - ok 21:55:51.0903 5728 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 21:55:51.0918 5728 hwpolicy - ok 21:55:51.0981 5728 [ 089085538885367E281686762A973EB5 ] hwusbfake C:\windows\system32\DRIVERS\ewusbfake.sys 
21:55:52.0027 5728 hwusbfake - ok 21:55:52.0059 5728 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 21:55:52.0105 5728 i8042prt - ok 21:55:52.0152 5728 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 21:55:52.0183 5728 iaStor - ok 21:55:52.0230 5728 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 21:55:52.0261 5728 iaStorV - ok 21:55:52.0339 5728 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:55:52.0386 5728 idsvc - ok 21:55:52.0542 5728 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys 21:55:52.0776 5728 igfx - ok 21:55:52.0807 5728 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 21:55:52.0839 5728 iirsp - ok 21:55:52.0885 5728 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\windows\System32\ikeext.dll 21:55:52.0979 5728 IKEEXT - ok 21:55:53.0088 5728 [ 5CEEF2CCCB4FE00D3FFBFEB12BCFA07F ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys 21:55:53.0197 5728 IntcAzAudAddService - ok 21:55:53.0244 5728 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\DRIVERS\intelide.sys 21:55:53.0260 5728 intelide - ok 21:55:53.0291 5728 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 21:55:53.0338 5728 intelppm - ok 21:55:53.0369 5728 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll 21:55:53.0431 5728 IPBusEnum - ok 21:55:53.0463 5728 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 21:55:53.0509 5728 IpFilterDriver - ok 21:55:53.0541 5728 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 21:55:53.0603 5728 iphlpsvc - ok 21:55:53.0619 5728 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys 21:55:53.0650 5728 IPMIDRV - ok 
21:55:53.0665 5728 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys 21:55:53.0728 5728 IPNAT - ok 21:55:53.0806 5728 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:55:53.0837 5728 iPod Service - ok 21:55:53.0884 5728 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys 21:55:53.0931 5728 IRENUM - ok 21:55:53.0946 5728 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys 21:55:53.0977 5728 isapnp - ok 21:55:54.0009 5728 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys 21:55:54.0024 5728 iScsiPrt - ok 21:55:54.0071 5728 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 21:55:54.0102 5728 kbdclass - ok 21:55:54.0118 5728 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys 21:55:54.0165 5728 kbdhid - ok 21:55:54.0180 5728 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\windows\system32\lsass.exe 21:55:54.0211 5728 KeyIso - ok 21:55:54.0243 5728 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 21:55:54.0274 5728 KSecDD - ok 21:55:54.0305 5728 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 21:55:54.0336 5728 KSecPkg - ok 21:55:54.0367 5728 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll 21:55:54.0445 5728 KtmRm - ok 21:55:54.0508 5728 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\windows\system32\srvsvc.dll 21:55:54.0539 5728 LanmanServer - ok 21:55:54.0601 5728 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\windows\System32\wkssvc.dll 21:55:54.0664 5728 LanmanWorkstation - ok 21:55:54.0711 5728 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 21:55:54.0757 5728 lltdio - ok 21:55:54.0789 5728 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll 21:55:54.0851 
5728 lltdsvc - ok 21:55:54.0882 5728 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll 21:55:54.0945 5728 lmhosts - ok 21:55:54.0991 5728 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 21:55:55.0007 5728 LSI_FC - ok 21:55:55.0023 5728 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 21:55:55.0054 5728 LSI_SAS - ok 21:55:55.0085 5728 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 21:55:55.0101 5728 LSI_SAS2 - ok 21:55:55.0116 5728 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 21:55:55.0147 5728 LSI_SCSI - ok 21:55:55.0163 5728 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys 21:55:55.0225 5728 luafv - ok 21:55:55.0288 5728 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\windows\system32\drivers\mbam.sys 21:55:55.0303 5728 MBAMProtector - ok 21:55:55.0381 5728 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 21:55:55.0413 5728 MBAMScheduler - ok 21:55:55.0459 5728 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 21:55:55.0491 5728 MBAMService - ok 21:55:55.0553 5728 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 21:55:55.0631 5728 Mcx2Svc - ok 21:55:55.0662 5728 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys 21:55:55.0693 5728 megasas - ok 21:55:55.0725 5728 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 21:55:55.0756 5728 MegaSR - ok 21:55:55.0787 5728 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll 21:55:55.0834 5728 MMCSS - ok 21:55:55.0865 5728 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys 21:55:55.0927 5728 Modem - ok 21:55:55.0959 5728 [ 
79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys 21:55:55.0990 5728 monitor - ok 21:55:56.0021 5728 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 21:55:56.0052 5728 mouclass - ok 21:55:56.0099 5728 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 21:55:56.0146 5728 mouhid - ok 21:55:56.0193 5728 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\windows\system32\drivers\mountmgr.sys 21:55:56.0224 5728 mountmgr - ok 21:55:56.0239 5728 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\windows\system32\DRIVERS\mpio.sys 21:55:56.0271 5728 mpio - ok 21:55:56.0286 5728 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 21:55:56.0349 5728 mpsdrv - ok 21:55:56.0395 5728 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\windows\system32\mpssvc.dll 21:55:56.0458 5728 MpsSvc - ok 21:55:56.0489 5728 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 21:55:56.0536 5728 MRxDAV - ok 21:55:56.0567 5728 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 21:55:56.0645 5728 mrxsmb - ok 21:55:56.0692 5728 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 21:55:56.0739 5728 mrxsmb10 - ok 21:55:56.0754 5728 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 21:55:56.0785 5728 mrxsmb20 - ok 21:55:56.0801 5728 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\windows\system32\DRIVERS\msahci.sys 21:55:56.0832 5728 msahci - ok 21:55:56.0879 5728 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\windows\system32\DRIVERS\msdsm.sys 21:55:56.0910 5728 msdsm - ok 21:55:56.0926 5728 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe 21:55:56.0973 5728 MSDTC - ok 21:55:57.0004 5728 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys 21:55:57.0066 5728 Msfs - ok 21:55:57.0097 5728 [ 
3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 21:55:57.0160 5728 mshidkmdf - ok 21:55:57.0191 5728 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys 21:55:57.0207 5728 msisadrv - ok 21:55:57.0253 5728 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll 21:55:57.0316 5728 MSiSCSI - ok 21:55:57.0331 5728 msiserver - ok 21:55:57.0363 5728 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 21:55:57.0425 5728 MSKSSRV - ok 21:55:57.0456 5728 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 21:55:57.0519 5728 MSPCLOCK - ok 21:55:57.0519 5728 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 21:55:57.0581 5728 MSPQM - ok 21:55:57.0659 5728 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys 21:55:57.0690 5728 MsRPC - ok 21:55:57.0721 5728 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 21:55:57.0737 5728 mssmbios - ok 21:55:57.0815 5728 MSSQL$MSSMLBIZ - ok 21:55:57.0893 5728 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 21:55:57.0924 5728 MSSQLServerADHelper - ok 21:55:57.0955 5728 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 21:55:58.0002 5728 MSTEE - ok 21:55:58.0033 5728 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 21:55:58.0080 5728 MTConfig - ok 21:55:58.0111 5728 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys 21:55:58.0143 5728 Mup - ok 21:55:58.0205 5728 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\windows\system32\qagentRT.dll 21:55:58.0283 5728 napagent - ok 21:55:58.0330 5728 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 21:55:58.0377 5728 NativeWifiP - ok 21:55:58.0408 
5728 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\windows\system32\drivers\ndis.sys 21:55:58.0470 5728 NDIS - ok 21:55:58.0501 5728 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 21:55:58.0564 5728 NdisCap - ok 21:55:58.0595 5728 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 21:55:58.0657 5728 NdisTapi - ok 21:55:58.0704 5728 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 21:55:58.0751 5728 Ndisuio - ok 21:55:58.0782 5728 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 21:55:58.0860 5728 NdisWan - ok 21:55:58.0876 5728 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 21:55:58.0938 5728 NDProxy - ok 21:55:58.0985 5728 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 21:55:59.0063 5728 NetBIOS - ok 21:55:59.0110 5728 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 21:55:59.0188 5728 NetBT - ok 21:55:59.0204 5728 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\windows\system32\lsass.exe 21:55:59.0235 5728 Netlogon - ok 21:55:59.0266 5728 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll 21:55:59.0344 5728 Netman - ok 21:55:59.0375 5728 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:55:59.0406 5728 NetMsmqActivator - ok 21:55:59.0422 5728 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:55:59.0438 5728 NetPipeActivator - ok 21:55:59.0469 5728 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll 21:55:59.0531 5728 netprofm - ok 21:55:59.0562 5728 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:55:59.0594 5728 NetTcpActivator - ok 21:55:59.0594 5728 [ 
D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:55:59.0625 5728 NetTcpPortSharing - ok 21:55:59.0656 5728 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 21:55:59.0672 5728 nfrd960 - ok 21:55:59.0718 5728 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\windows\System32\nlasvc.dll 21:55:59.0765 5728 NlaSvc - ok 21:55:59.0781 5728 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys 21:55:59.0859 5728 Npfs - ok 21:55:59.0906 5728 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll 21:55:59.0968 5728 nsi - ok 21:55:59.0984 5728 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 21:56:00.0046 5728 nsiproxy - ok 21:56:00.0093 5728 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\windows\system32\drivers\Ntfs.sys 21:56:00.0171 5728 Ntfs - ok 21:56:00.0218 5728 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys 21:56:00.0296 5728 Null - ok 21:56:01.0091 5728 [ 2713392707E515EFB671751FA767EBD2 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 21:56:01.0466 5728 nvlddmkm - ok 21:56:01.0512 5728 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\windows\system32\drivers\nvraid.sys 21:56:01.0528 5728 nvraid - ok 21:56:01.0606 5728 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\windows\system32\drivers\nvstor.sys 21:56:01.0653 5728 nvstor - ok 21:56:01.0715 5728 [ D445466C0A10536486FBEBBC271D6E34 ] nvsvc C:\windows\system32\nvvsvc.exe 21:56:01.0746 5728 nvsvc - ok 21:56:01.0762 5728 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys 21:56:01.0793 5728 nv_agp - ok 21:56:01.0887 5728 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:56:01.0918 5728 odserv - ok 21:56:01.0965 5728 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys 21:56:01.0996 
5728 ohci1394 - ok 21:56:02.0043 5728 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:56:02.0058 5728 ose - ok 21:56:02.0105 5728 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll 21:56:02.0168 5728 p2pimsvc - ok 21:56:02.0183 5728 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll 21:56:02.0230 5728 p2psvc - ok 21:56:02.0261 5728 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys 21:56:02.0324 5728 Parport - ok 21:56:02.0370 5728 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\windows\system32\drivers\partmgr.sys 21:56:02.0402 5728 partmgr - ok 21:56:02.0417 5728 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys 21:56:02.0448 5728 Parvdm - ok 21:56:02.0495 5728 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll 21:56:02.0542 5728 PcaSvc - ok 21:56:02.0558 5728 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\windows\system32\DRIVERS\pci.sys 21:56:02.0589 5728 pci - ok 21:56:02.0604 5728 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\DRIVERS\pciide.sys 21:56:02.0636 5728 pciide - ok 21:56:02.0682 5728 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 21:56:02.0729 5728 pcmcia - ok 21:56:02.0760 5728 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys 21:56:02.0792 5728 pcw - ok 21:56:02.0823 5728 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys 21:56:02.0916 5728 PEAUTH - ok 21:56:03.0135 5728 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\windows\system32\pla.dll 21:56:03.0228 5728 pla - ok 21:56:03.0306 5728 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\windows\system32\umpnpmgr.dll 21:56:03.0369 5728 PlugPlay - ok 21:56:03.0384 5728 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 21:56:03.0416 5728 PNRPAutoReg - ok 
21:56:03.0447 5728 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll 21:56:03.0478 5728 PNRPsvc - ok 21:56:03.0572 5728 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 21:56:03.0743 5728 PolicyAgent - ok 21:56:03.0790 5728 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\windows\system32\umpo.dll 21:56:03.0852 5728 Power - ok 21:56:03.0899 5728 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 21:56:03.0962 5728 PptpMiniport - ok 21:56:03.0993 5728 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys 21:56:04.0024 5728 Processor - ok 21:56:04.0086 5728 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\windows\system32\profsvc.dll 21:56:04.0149 5728 ProfSvc - ok 21:56:04.0180 5728 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\windows\system32\lsass.exe 21:56:04.0196 5728 ProtectedStorage - ok 21:56:04.0258 5728 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys 21:56:04.0320 5728 Psched - ok 21:56:04.0336 5728 PxHelp20 - ok 21:56:04.0461 5728 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 21:56:04.0523 5728 ql2300 - ok 21:56:04.0554 5728 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 21:56:04.0586 5728 ql40xx - ok 21:56:04.0632 5728 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll 21:56:04.0679 5728 QWAVE - ok 21:56:04.0695 5728 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 21:56:04.0742 5728 QWAVEdrv - ok 21:56:04.0757 5728 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 21:56:04.0820 5728 RasAcd - ok 21:56:04.0851 5728 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 21:56:04.0913 5728 RasAgileVpn - ok 21:56:04.0913 5728 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto 
C:\windows\System32\rasauto.dll 21:56:04.0976 5728 RasAuto - ok 21:56:05.0007 5728 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 21:56:05.0069 5728 Rasl2tp - ok 21:56:05.0132 5728 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\windows\System32\rasmans.dll 21:56:05.0210 5728 RasMan - ok 21:56:05.0381 5728 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 21:56:05.0459 5728 RasPppoe - ok 21:56:05.0506 5728 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 21:56:05.0553 5728 RasSstp - ok 21:56:05.0568 5728 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 21:56:05.0615 5728 rdbss - ok 21:56:05.0631 5728 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 21:56:05.0646 5728 rdpbus - ok 21:56:05.0662 5728 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 21:56:05.0709 5728 RDPCDD - ok 21:56:05.0740 5728 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 21:56:05.0802 5728 RDPENCDD - ok 21:56:05.0818 5728 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 21:56:05.0880 5728 RDPREFMP - ok 21:56:06.0192 5728 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 21:56:06.0317 5728 RDPWD - ok 21:56:06.0364 5728 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 21:56:06.0395 5728 rdyboost - ok 21:56:06.0473 5728 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll 21:56:06.0536 5728 RemoteAccess - ok 21:56:06.0567 5728 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll 21:56:06.0660 5728 RemoteRegistry - ok 21:56:06.0707 5728 [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb C:\windows\system32\Drivers\RimUsb.sys 21:56:06.0754 5728 RimUsb - ok 21:56:06.0770 5728 [ 
78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 21:56:06.0832 5728 RpcEptMapper - ok 21:56:06.0926 5728 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe 21:56:06.0988 5728 RpcLocator - ok 21:56:07.0050 5728 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\windows\system32\rpcss.dll 21:56:07.0113 5728 RpcSs - ok 21:56:07.0144 5728 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 21:56:07.0206 5728 rspndr - ok 21:56:07.0253 5728 [ 6465166DD9B2F841DABAD16ABDADBE98 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys 21:56:07.0300 5728 RTL8167 - ok 21:56:07.0362 5728 [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI C:\windows\system32\Drivers\SABI.sys 21:56:07.0409 5728 SABI - ok 21:56:07.0456 5728 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\windows\system32\lsass.exe 21:56:07.0472 5728 SamSs - ok 21:56:07.0503 5728 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys 21:56:07.0534 5728 sbp2port - ok 21:56:07.0596 5728 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll 21:56:07.0674 5728 SCardSvr - ok 21:56:07.0690 5728 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 21:56:07.0737 5728 scfilter - ok 21:56:07.0846 5728 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\windows\system32\schedsvc.dll 21:56:07.0940 5728 Schedule - ok 21:56:07.0955 5728 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\windows\System32\certprop.dll 21:56:08.0002 5728 SCPolicySvc - ok 21:56:08.0018 5728 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\windows\System32\SDRSVC.dll 21:56:08.0064 5728 SDRSVC - ok 21:56:08.0096 5728 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys 21:56:08.0158 5728 secdrv - ok 21:56:08.0205 5728 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll 21:56:08.0252 5728 seclogon - ok 21:56:08.0314 5728 [ 
21:56:19.0781 5728 Scan finished 21:56:19.0781 5728 ============================================================ 21:56:19.0812 5084 Detected object count: 0 21:56:19.0812 5084 Actual detected object count: 0 |
19.09.2012, 08:25 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart Incredibar virus. Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
19.09.2012, 18:20 | #23 |
| Caught the MyStart Incredibar virus. Code:
ATTFilter ComboFix 12-09-18.07 - P-Lady 19.09.2012 19:04:00.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3037.2056 [GMT 2:00] ausgeführt von:: c:\users\P-Lady\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\windows\system32\FlashPlayerInstaller.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-19 bis 2012-09-19 )))))))))))))))))))))))))))))) . . 2012-09-19 17:12 . 2012-09-19 17:12 -------- d-----w- c:\users\P-Lady\AppData\Local\temp 2012-09-19 17:12 . 2012-09-19 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-19 16:37 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E23F36BC-451C-4D92-8B23-7825CBB29CAE}\mpengine.dll 2012-09-17 19:42 . 2012-09-17 19:42 -------- d-----w- c:\users\P-Lady\AppData\Roaming\Avira 2012-09-17 19:41 . 2012-09-19 16:35 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-09-17 19:41 . 2012-09-19 16:35 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-09-17 19:41 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-09-17 19:40 . 2012-09-17 19:40 -------- d-----w- c:\programdata\Avira 2012-09-17 19:40 . 2012-09-17 19:40 -------- d-----w- c:\program files\Avira 2012-09-17 13:56 . 2012-09-17 13:56 -------- d-----w- C:\_OTL 2012-09-13 21:24 . 2012-09-13 21:24 -------- d-----w- c:\program files\Common Files\Skype 2012-09-13 19:26 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-04 20:40 . 2012-09-04 20:40 -------- d-----w- c:\program files\ESET 2012-09-03 08:34 . 
2012-09-03 08:34 -------- d-----w- c:\users\P-Lady\AppData\Roaming\Malwarebytes 2012-09-03 08:34 . 2012-09-03 08:34 -------- d-----w- c:\programdata\Malwarebytes 2012-09-03 08:34 . 2012-09-17 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-03 08:34 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-01 13:24 . 2012-09-01 13:24 -------- d-----w- c:\program files\Perion . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 14:51 . 2011-12-05 18:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-15 14:51 . 2011-12-05 18:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-18 17:10 . 2012-08-16 13:19 2344448 ----a-w- c:\windows\system32\win32k.sys 2012-07-04 21:23 . 2012-08-16 13:18 41472 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 21:23 . 2012-08-16 13:18 102912 ----a-w- c:\windows\system32\browser.dll 2012-06-29 00:16 . 2012-08-16 22:52 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09 . 2012-08-16 22:52 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08 . 2012-08-16 22:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04 . 2012-08-16 22:52 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00 . 2012-08-16 22:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\P-Lady\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-18 138096] "Spotify"="c:\users\P-Lady\AppData\Roaming\Spotify\Spotify.exe" [2012-08-17 5576408] "Spotify Web Helper"="c:\users\P-Lady\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-17 1193176] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-31 13797992] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408] "SetPoint"="c:\program files\Logitech\SetPoint\SetPoint.EXE" [2005-05-25 450560] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-19 348664] . c:\users\P-Lady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] 2010-01-04 22:17 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . 
*NewlyCreated* - SSMDRV . Inhalt des "geplante Tasks" Ordners . 2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-05 14:51] . 2012-09-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job - c:\users\P-Lady\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-06 20:33] . 2012-09-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job - c:\users\P-Lady\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-06 20:33] . 2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job - c:\users\P-Lady\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 10:34] . 2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job - c:\users\P-Lady\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 10:34] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube to MP3 Converter - c:\users\P-Lady\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{4306FF41-17B6-4FC8-AADD-264FF65383C5}\5416379724F687D2444433831363: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4306FF41-17B6-4FC8-AADD-264FF65383C5}\C657075737: DhcpNameServer = 192.168.11.1 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\users\P-Lady\AppData\Roaming\Mozilla\Firefox\Profiles\qkva4dih.default\ 
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-mcmscsvc SafeBoot-MCODS AddRemove-AliceHilfe 1.0.0.1 - c:\program files\AliceHilfe\uninst_d.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-19 19:14:56 ComboFix-quarantined-files.txt 2012-09-19 17:14 . Vor Suchlauf: 9 Verzeichnis(se), 138.045.386.752 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 137.720.975.360 Bytes frei . - - End Of File - - DABB4E49BFFA1F38088FBF86B0CDE556 |
20.09.2012, 10:17 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart Incredibar virus. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
24.09.2012, 15:33 | #25 |
| Caught the MyStart Incredibar virus. gmer Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-09-24 14:44:51 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 Running: t30q7j7u.exe; Driver: C:\Users\P-Lady\AppData\Local\Temp\pxdiapow.sys ---- System - GMER 1.0.15 ---- SSDT 930A38C6 ZwCreateSection SSDT 930A38D0 ZwRequestWaitReplyPort SSDT 930A38CB ZwSetContextThread SSDT 930A38D5 ZwSetSecurityObject SSDT 930A38DA ZwSystemDebugControl SSDT 930A3867 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwRollbackTransaction + 13ED 8383B8A9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8385B2F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 14B7 83862684 4 Bytes [C6, 38, 0A, 93] .text ntoskrnl.exe!KeRemoveQueueEx + 1813 838629E0 4 Bytes [D0, 38, 0A, 93] .text ntoskrnl.exe!KeRemoveQueueEx + 1857 83862A24 4 Bytes [CB, 38, 0A, 93] {RETF ; CMP [EDX], CL; XCHG EBX, EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 18D3 83862AA0 4 Bytes [D5, 38, 0A, 93] .text ntoskrnl.exe!KeRemoveQueueEx + 1927 83862AF4 4 Bytes [DA, 38, 0A, 93] .text ... 
---- User code sections - GMER 1.0.15 ---- .text C:\Users\P-Lady\AppData\Roaming\Spotify\spotify.exe[3176] ntdll.dll!DbgBreakPoint 77C43258 1 Byte [C3] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- aswMBR Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-09-24 14:56:27 ----------------------------- 14:56:27.256 OS Version: Windows 6.1.7600 14:56:27.256 Number of processors: 2 586 0x170A 14:56:27.260 ComputerName: P-LADY-PC UserName: P-Lady 14:56:28.431 Initialize success 14:57:27.955 AVAST engine defs: 12092400 14:57:32.825 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 14:57:32.831 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 305245MB BusType: 3 14:57:33.156 Disk 0 MBR read successfully 14:57:33.163 Disk 0 MBR scan 14:57:33.187 Disk 0 unknown MBR code 14:57:33.269 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048 14:57:33.299 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328 14:57:33.377 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 182562 MB offset 31664128 14:57:33.470 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 107221 MB offset 405551104 14:57:33.728 Disk 0 scanning sectors +625139712 14:57:34.156 Disk 0 scanning C:\windows\system32\drivers 14:58:46.063 Service scanning 14:59:19.622 Modules scanning 15:01:18.391 Disk 0 trace - called modules: 15:01:18.454 15:01:19.441 AVAST engine scan C:\windows 15:02:10.755 AVAST engine scan C:\windows\system32 15:08:05.593 AVAST engine scan C:\windows\system32\drivers 15:10:52.545 AVAST engine scan C:\Users\P-Lady 15:38:35.369 AVAST engine scan C:\ProgramData 15:39:46.148 Scan finished successfully 15:43:25.686 Disk 0 MBR has been saved successfully to "C:\Users\P-Lady\Desktop\MBR.dat" 15:43:25.704 The log file has been saved successfully to "C:\Users\P-Lady\Desktop\aswMBR.txt" |
24.09.2012, 19:45 | #26 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart Incredibar virus. Quote:
24.09.2012, 20:38 | #27 |
| Caught the MyStart Incredibar virus. oh, then here Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:37:19 on 24.09.2012
OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Google Inc. Google Chrome 21.0.1180.89
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job" - "Facebook Inc." - C:\Users\P-Lady\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job" - "Facebook Inc." - C:\Users\P-Lady\AppData\Local\Facebook\Update\FacebookUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job" - "Google Inc." - C:\Users\P-Lady\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job" - "Google Inc." - C:\Users\P-Lady\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswMBR" (aswMBR) - ? - C:\Users\P-Lady\AppData\Local\Temp\aswMBR.sys (Hidden registry entry, rootkit activity | File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\P-Lady\AppData\Local\Temp\catchme.sys (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys
"pxdiapow" (pxdiapow) - ? - C:\Users\P-Lady\AppData\Local\Temp\pxdiapow.sys (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - ? - C:\windows\System32\Drivers\PxHelp20.sys (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys
"upperdev" (upperdev) - ? - C:\windows\System32\DRIVERS\usbser_lowerflt.sys (File not found)
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
{be193c7f-c1e6-487f-9ee7-0a373770acd2} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{BE193C7F-C1E6-487F-9EE7-0A373770ACD2} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? - (File not found | COM-object registry key not found)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" - ? - (File not found | COM-object registry key not found)
[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\windows\system32\livessp.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\P-Lady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.1.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Facebook Update" - "Facebook Inc." - "C:\Users\P-Lady\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"Spotify" - "Spotify Ltd" - "C:\Users\P-Lady\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
"Spotify Web Helper" - ? - "C:\Users\P-Lady\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SetPoint" - "Logitech Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.EXE
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
25.09.2012, 10:42 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart Incredibar virus. We should fix the MBR. Just in case, back up ALL important data first, even though everything usually goes smoothly. Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Do not run the fix either if the Windows partition or the entire hard disk is fully encrypted, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
25.09.2012, 18:03 | #29 |
| MyStart Incredibar virus caught. Hope the fix worked. Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-25 18:42:04
-----------------------------
18:42:04.738 OS Version: Windows 6.1.7600
18:42:04.738 Number of processors: 2 586 0x170A
18:42:04.738 ComputerName: P-LADY-PC UserName: P-Lady
18:42:06.044 Initialize success
18:42:15.250 AVAST engine defs: 12092400
18:42:33.936 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:42:33.940 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 305245MB BusType: 3
18:42:33.961 Disk 0 MBR read successfully
18:42:33.966 Disk 0 MBR scan
18:42:33.976 Disk 0 Windows 7 default MBR code
18:42:33.984 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
18:42:34.014 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
18:42:34.037 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 182562 MB offset 31664128
18:42:34.074 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 107221 MB offset 405551104
18:42:34.090 Disk 0 scanning sectors +625139712
18:42:34.182 Disk 0 scanning C:\windows\system32\drivers
18:42:48.878 Service scanning
18:43:23.153 Modules scanning
18:43:29.927 Disk 0 trace - called modules:
18:43:29.968 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
18:43:29.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x875581e0]
18:43:29.988 3 CLASSPNP.SYS[8ca0759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86755028]
18:43:30.906 AVAST engine scan C:\windows
18:43:35.549 AVAST engine scan C:\windows\system32
18:50:04.508 AVAST engine scan C:\windows\system32\drivers
18:50:24.650 AVAST engine scan C:\Users\P-Lady
19:00:31.605 AVAST engine scan C:\ProgramData
19:01:42.428 Scan finished successfully
19:03:02.985 Disk 0 MBR has been saved successfully to "C:\Users\P-Lady\Desktop\MBR.dat"
19:03:03.001 The log file has been saved successfully to "C:\Users\P-Lady\Desktop\aswMBR aktuell.txt" |
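Added example, not part of the thread and not aswMBR's own code: a parser for the four-entry partition table of an MBR sector that recovers the values shown in the partition lines of the log above and flags Linux partition types, the dual-boot case named in the warning before FIXMBR. The sample sectors are constructed from the log's values; `FOREIGN_TYPES` and all function names are assumptions of this example.

```python
import struct

# Assumption of this example: partition types that indicate a second,
# non-Windows system whose boot loader may live in the MBR.
FOREIGN_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM"}

def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: wrong length or boot signature")
    parts = []
    for i in range(4):                       # table starts at byte 446
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0 and count == 0:        # unused slot
            continue
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "offset": lba, "size_mb": count // 2048})  # 512-byte sectors
    return parts

def fixmbr_blockers(parts):
    """Partition-table evidence of the dual-boot case described in the post."""
    return [f"partition {p['index']}: type 0x{p['type']:02X} "
            f"({FOREIGN_TYPES[p['type']]})"
            for p in parts if p["type"] in FOREIGN_TYPES]

def build_sample(entries):
    """Constructed sector: zeroed boot code plus the given partition table."""
    sector = bytearray(512)
    for i, (status, ptype, lba, mb) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * i,
                         status, ptype, lba, mb * 2048)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed from the four partition lines of the aswMBR log above:
# (status byte, type byte, start sector, size in MB).
LOGGED = [(0x00, 0x27, 2048, 15360), (0x80, 0x07, 31459328, 100),
          (0x00, 0x07, 31664128, 182562), (0x00, 0x07, 405551104, 107221)]
# Constructed dual-boot variant: fourth partition retyped as Linux (0x83).
DUAL_BOOT = LOGGED[:3] + [(0x00, 0x83, 405551104, 107221)]

if __name__ == "__main__":
    for name, table in (("logged", LOGGED), ("dual boot", DUAL_BOOT)):
        parts = parse_mbr(build_sample(table))
        print(name, fixmbr_blockers(parts) or "no Linux partition types")
```

To check a real dump, pass the first 512 bytes of the saved file to `parse_mbr`; this assumes the dump is a raw copy of sector 0. Full-disk encryption such as TrueCrypt does not show up in the partition table, so that part of the warning still has to be answered by the user.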
25.09.2012, 19:46 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | MyStart Incredibar virus caught. Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |