System-Wiederherstellung nicht mehr möglich, programm browserprotect bit 89 neu und lässt sich nicht entfernen

cosinus · 26.05.2013, 19:38

In der Anleitungen stehen doch Hinweise was du tun musst wenn Probleme auftreten

Andy.pol · 26.05.2013, 20:03

Hallo,
meinst du denn Hinweis mit dem abgesicherten Modus?
Dort hab ich das Problem auch. Kein blauer Bildschirm...
Sorry, dass ich das eben nicht deutlicher geschrieben habe. ..

Einen anderen Hinweis kam ich deiner Mail doch nicht entnehmen, oder?

Andy.pol

cosinus · 26.05.2013, 21:57

Dann lass GMER einfach sein und mach mit dem anderen Tool weiter

Andy.pol · 27.05.2013, 19:30

Hallo cosinus,

so, nach mehrmaligen rauf und runterfahren und starten im abgesicherten Modus starten gings jetzt doch. Warum auch immer...

Hier also die Codes:
Gmer:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-26 22:30:21
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925032 rev.0303 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Kunde\AppData\Local\Temp\uglcqpob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwNotifyChangeKey [0x904CA5D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwNotifyChangeMultipleKeys [0x904CA700]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwOpenProcess [0x904CA010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwSuspendProcess [0x904CA300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwSuspendThread [0x904CA3E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwTerminateProcess [0x904CA120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwTerminateThread [0x904CA210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwWriteVirtualMemory [0x904CA4D0]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 3BD                                                                    826C5B00 8 Bytes  [D0, A5, 4C, 90, 00, A7, 4C, ...] {SHL BYTE [EBP-0x58ff6fb4], 0x1; DEC ESP; NOP }
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                    826C5B34 4 Bytes  [10, A0, 4C, 90]
.text           ntkrnlpa.exe!KeSetEvent + 611                                                                    826C5D54 8 Bytes  [00, A3, 4C, 90, E0, A3, 4C, ...] {ADD [EBX-0x5c1f6fb4], AH; DEC ESP; NOP }
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                    826C5D64 1 Byte  [20]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                    826C5D64 8 Bytes  [20, A1, 4C, 90, 10, A2, 4C, ...] {AND [ECX-0x5def6fb4], AH; DEC ESP; NOP }
.text           ...                                                                                              

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                          avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                          avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                        avgtdix.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd64e529                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd64e529@001fe4c8125e         0x61 0xF7 0xF8 0xED ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd64e529@001620c2a253         0x34 0x42 0x9C 0x60 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootPlanTime                        0x4B 0x5A 0xCE 0x01 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@MemoryCacheSize                         450965048
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootPlanUserTime                    So, Mai 26 13, 10:01:58????????????????
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd64e529 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd64e529@001fe4c8125e             0x61 0xF7 0xF8 0xED ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd64e529@001620c2a253             0x34 0x42 0x9C 0x60 ...

---- EOF - GMER 2.1 ----

Und hier noch der für Mbar:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.26.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kunde :: KUNDEN-NB [administrator]

26.05.2013 22:38:56
mbar-log-2013-05-26 (22-38-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 197906
Time elapsed: 18 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Viele Grüße
Andy.pol

cosinus · 27.05.2013, 21:29

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Andy.pol · 27.05.2013, 22:01

Hallo cosinus,

anbei die beiden Logfiles:

1. aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-27 22:41:53
-----------------------------
22:41:53.970    OS Version: Windows 6.0.6002 Service Pack 2
22:41:53.970    Number of processors: 2 586 0xF0D
22:41:53.970    ComputerName: KUNDEN-NB  UserName: Kunde
22:41:55.249    Initialize success
22:45:47.803    AVAST engine defs: 13052700
22:47:11.450    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:47:11.466    Disk 0 Vendor: ST925032 0303 Size: 238475MB BusType: 3
22:47:11.591    Disk 0 MBR read successfully
22:47:11.606    Disk 0 MBR scan
22:47:11.606    Disk 0 Windows XP default MBR code
22:47:11.622    Disk 0 Partition 1 00     0C    FAT32 LBA MSDOS5.0    10000 MB offset 2048
22:47:11.638    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       113107 MB offset 20482048
22:47:11.669    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        60363 MB offset 252127232
22:47:11.684    Disk 0 Partition - 00     0F Extended LBA             55001 MB offset 375752704
22:47:11.716    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        55000 MB offset 375754752
22:47:11.762    Disk 0 scanning sectors +488394752
22:47:11.996    Disk 0 scanning C:\Windows\system32\drivers
22:47:25.412    Service scanning
22:47:47.908    Modules scanning
22:47:53.726    Disk 0 trace - called modules:
22:47:53.742    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys halmacpi.dll iaStor.sys 
22:47:53.758    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86cd9a78]
22:47:53.758    3 CLASSPNP.SYS[8ada58b3] -> nt!IofCallDriver -> [0x85951c18]
22:47:53.758    5 acpi.sys[806a06bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8595d028]
22:47:54.584    AVAST engine scan C:\Windows
22:47:57.611    AVAST engine scan C:\Windows\system32
22:51:08.305    AVAST engine scan C:\Windows\system32\drivers
22:51:23.749    AVAST engine scan C:\Users\Kunde
22:51:46.073    Disk 0 MBR has been saved successfully to "C:\Users\Kunde\Desktop\MBR.dat"
22:51:46.088    The log file has been saved successfully to "C:\Users\Kunde\Desktop\aswMBR.txt"

2. TDSS-Killer:

Code:

ATTFilter

22:52:32.0298 3572  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:52:32.0517 3572  ============================================================
22:52:32.0517 3572  Current date / time: 2013/05/27 22:52:32.0517
22:52:32.0517 3572  SystemInfo:
22:52:32.0517 3572  
22:52:32.0517 3572  OS Version: 6.0.6002 ServicePack: 2.0
22:52:32.0517 3572  Product type: Workstation
22:52:32.0517 3572  ComputerName: KUNDEN-NB
22:52:32.0517 3572  UserName: Kunde
22:52:32.0517 3572  Windows directory: C:\Windows
22:52:32.0517 3572  System windows directory: C:\Windows
22:52:32.0517 3572  Processor architecture: Intel x86
22:52:32.0517 3572  Number of processors: 2
22:52:32.0517 3572  Page size: 0x1000
22:52:32.0517 3572  Boot type: Normal boot
22:52:32.0517 3572  ============================================================
22:52:32.0907 3572  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:52:32.0953 3572  ============================================================
22:52:32.0953 3572  \Device\Harddisk0\DR0:
22:52:32.0953 3572  MBR partitions:
22:52:32.0953 3572  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x1388000
22:52:32.0953 3572  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0xDCE9D74
22:52:32.0953 3572  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xF072800, BlocksNum 0x75E5FF8
22:52:32.0985 3572  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x16659000, BlocksNum 0x6B6C000
22:52:32.0985 3572  ============================================================
22:52:33.0047 3572  C: <-> \Device\Harddisk0\DR0\Partition2
22:52:33.0125 3572  D: <-> \Device\Harddisk0\DR0\Partition3
22:52:33.0172 3572  F: <-> \Device\Harddisk0\DR0\Partition4
22:52:33.0219 3572  H: <-> \Device\Harddisk0\DR0\Partition1
22:52:33.0219 3572  ============================================================
22:52:33.0219 3572  Initialize success
22:52:33.0219 3572  ============================================================
22:52:55.0277 2680  ============================================================
22:52:55.0277 2680  Scan started
22:52:55.0277 2680  Mode: Manual; SigCheck; TDLFS; 
22:52:55.0277 2680  ============================================================
22:52:56.0244 2680  ================ Scan system memory ========================
22:52:56.0244 2680  System memory - ok
22:52:56.0244 2680  ================ Scan services =============================
22:52:56.0400 2680  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:52:56.0509 2680  ACPI - ok
22:52:56.0603 2680  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:52:56.0603 2680  AdobeARMservice - ok
22:52:56.0681 2680  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:52:56.0697 2680  AdobeFlashPlayerUpdateSvc - ok
22:52:56.0743 2680  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:52:56.0759 2680  adp94xx - ok
22:52:56.0790 2680  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:52:56.0806 2680  adpahci - ok
22:52:56.0837 2680  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
22:52:56.0853 2680  adpu160m - ok
22:52:56.0868 2680  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:52:56.0884 2680  adpu320 - ok
22:52:56.0962 2680  [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService     C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
22:52:56.0993 2680  ADSMService ( UnsignedFile.Multi.Generic ) - warning
22:52:56.0993 2680  ADSMService - detected UnsignedFile.Multi.Generic (1)
22:52:57.0055 2680  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:52:57.0133 2680  AeLookupSvc - ok
22:52:57.0180 2680  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
22:52:57.0243 2680  AFD - ok
22:52:57.0289 2680  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:52:57.0305 2680  agp440 - ok
22:52:57.0336 2680  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
22:52:57.0352 2680  aic78xx - ok
22:52:57.0383 2680  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
22:52:57.0492 2680  ALG - ok
22:52:57.0523 2680  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:52:57.0523 2680  aliide - ok
22:52:57.0555 2680  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:52:57.0570 2680  amdagp - ok
22:52:57.0570 2680  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:52:57.0586 2680  amdide - ok
22:52:57.0601 2680  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
22:52:57.0633 2680  AmdK7 - ok
22:52:57.0648 2680  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:52:57.0695 2680  AmdK8 - ok
22:52:57.0742 2680  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
22:52:57.0773 2680  Appinfo - ok
22:52:57.0804 2680  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
22:52:57.0820 2680  arc - ok
22:52:57.0835 2680  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:52:57.0851 2680  arcsas - ok
22:52:57.0898 2680  [ 4385E371C25C94C804E9D3152BD9E1F7 ] AsDsm           C:\Windows\system32\drivers\AsDsm.sys
22:52:57.0913 2680  AsDsm - ok
22:52:57.0960 2680  [ 5A055A4777CBBC8845DD598CB2EEBF69 ] ASLDRService    C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
22:52:57.0976 2680  ASLDRService ( UnsignedFile.Multi.Generic ) - warning
22:52:57.0976 2680  ASLDRService - detected UnsignedFile.Multi.Generic (1)
22:52:58.0054 2680  [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP          C:\Program Files\ATKGFNEX\ASMMAP.sys
22:52:58.0069 2680  ASMMAP - ok
22:52:58.0085 2680  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:52:58.0132 2680  AsyncMac - ok
22:52:58.0147 2680  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:52:58.0163 2680  atapi - ok
22:52:58.0210 2680  [ 44362605F5FFF00C9B7696B47680A8C5 ] athr            C:\Windows\system32\DRIVERS\athr.sys
22:52:58.0288 2680  athr - ok
22:52:58.0303 2680  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
22:52:58.0319 2680  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
22:52:58.0319 2680  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
22:52:58.0366 2680  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:52:58.0413 2680  AudioEndpointBuilder - ok
22:52:58.0428 2680  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:52:58.0444 2680  Audiosrv - ok
22:52:58.0631 2680  [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
22:52:58.0803 2680  AVGIDSAgent - ok
22:52:58.0881 2680  [ 4750A2A188D39034F5DDDDAE1BF38BF8 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
22:52:58.0896 2680  AVGIDSDriver - ok
22:52:58.0927 2680  [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
22:52:58.0943 2680  AVGIDSHX - ok
22:52:58.0974 2680  [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
22:52:58.0990 2680  AVGIDSShim - ok
22:52:59.0021 2680  [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
22:52:59.0037 2680  Avgldx86 - ok
22:52:59.0099 2680  [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
22:52:59.0115 2680  Avglogx - ok
22:52:59.0115 2680  [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
22:52:59.0130 2680  Avgmfx86 - ok
22:52:59.0146 2680  [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
22:52:59.0161 2680  Avgrkx86 - ok
22:52:59.0193 2680  [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
22:52:59.0208 2680  Avgtdix - ok
22:52:59.0255 2680  [ 02A43ADBA362B89B7D5715221D5F3010 ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
22:52:59.0271 2680  avgtp - ok
22:52:59.0317 2680  [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
22:52:59.0333 2680  avgwd - ok
22:52:59.0364 2680  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:52:59.0395 2680  Beep - ok
22:52:59.0442 2680  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
22:52:59.0473 2680  BFE - ok
22:52:59.0520 2680  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
22:52:59.0598 2680  BITS - ok
22:52:59.0629 2680  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
22:52:59.0661 2680  blbdrive - ok
22:52:59.0692 2680  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:52:59.0707 2680  bowser - ok
22:52:59.0754 2680  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
22:52:59.0785 2680  BrFiltLo - ok
22:52:59.0801 2680  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
22:52:59.0832 2680  BrFiltUp - ok
22:52:59.0848 2680  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
22:52:59.0895 2680  Browser - ok
22:52:59.0910 2680  BrowserProtect - ok
22:52:59.0926 2680  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
22:53:00.0051 2680  Brserid - ok
22:53:00.0129 2680  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
22:53:00.0191 2680  BrSerWdm - ok
22:53:00.0207 2680  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
22:53:00.0269 2680  BrUsbMdm - ok
22:53:00.0285 2680  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
22:53:00.0363 2680  BrUsbSer - ok
22:53:00.0394 2680  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
22:53:00.0425 2680  BthEnum - ok
22:53:00.0456 2680  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:53:00.0487 2680  BTHMODEM - ok
22:53:00.0519 2680  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:53:00.0565 2680  BthPan - ok
22:53:00.0628 2680  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
22:53:00.0659 2680  BTHPORT - ok
22:53:00.0706 2680  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
22:53:00.0737 2680  BthServ - ok
22:53:00.0753 2680  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
22:53:00.0784 2680  BTHUSB - ok
22:53:00.0815 2680  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:53:00.0846 2680  cdfs - ok
22:53:00.0877 2680  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:53:00.0909 2680  cdrom - ok
22:53:00.0940 2680  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:53:00.0971 2680  CertPropSvc - ok
22:53:00.0987 2680  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
22:53:01.0018 2680  circlass - ok
22:53:01.0049 2680  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
22:53:01.0065 2680  CLFS - ok
22:53:01.0174 2680  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:53:01.0236 2680  clr_optimization_v2.0.50727_32 - ok
22:53:01.0283 2680  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:53:01.0314 2680  CmBatt - ok
22:53:01.0330 2680  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:53:01.0345 2680  cmdide - ok
22:53:01.0361 2680  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:53:01.0377 2680  Compbatt - ok
22:53:01.0377 2680  COMSysApp - ok
22:53:01.0455 2680  cpuz132 - ok
22:53:01.0470 2680  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:53:01.0486 2680  crcdisk - ok
22:53:01.0486 2680  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:53:01.0517 2680  Crusoe - ok
22:53:01.0564 2680  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:53:01.0611 2680  CryptSvc - ok
22:53:01.0657 2680  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:53:01.0720 2680  DcomLaunch - ok
22:53:01.0751 2680  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:53:01.0798 2680  DfsC - ok
22:53:01.0860 2680  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
22:53:01.0969 2680  DFSR - ok
22:53:02.0016 2680  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:53:02.0047 2680  Dhcp - ok
22:53:02.0094 2680  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
22:53:02.0110 2680  disk - ok
22:53:02.0172 2680  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:53:02.0250 2680  Dnscache - ok
22:53:02.0281 2680  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:53:02.0328 2680  dot3svc - ok
22:53:02.0359 2680  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
22:53:02.0422 2680  DPS - ok
22:53:02.0453 2680  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:53:02.0484 2680  drmkaud - ok
22:53:02.0531 2680  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:53:02.0562 2680  DXGKrnl - ok
22:53:02.0593 2680  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
22:53:02.0640 2680  E1G60 - ok
22:53:02.0671 2680  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
22:53:02.0718 2680  EapHost - ok
22:53:02.0749 2680  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:53:02.0765 2680  Ecache - ok
22:53:02.0796 2680  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:53:02.0827 2680  elxstor - ok
22:53:02.0890 2680  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
22:53:02.0952 2680  EMDMgmt - ok
22:53:02.0983 2680  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:53:03.0015 2680  ErrDev - ok
22:53:03.0046 2680  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
22:53:03.0093 2680  EventSystem - ok
22:53:03.0171 2680  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
22:53:03.0202 2680  exfat - ok
22:53:03.0217 2680  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:53:03.0264 2680  fastfat - ok
22:53:03.0295 2680  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:53:03.0327 2680  fdc - ok
22:53:03.0358 2680  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:53:03.0405 2680  fdPHost - ok
22:53:03.0420 2680  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:53:03.0514 2680  FDResPub - ok
22:53:03.0545 2680  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:53:03.0561 2680  FileInfo - ok
22:53:03.0576 2680  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:53:03.0623 2680  Filetrace - ok
22:53:03.0639 2680  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:53:03.0685 2680  flpydisk - ok
22:53:03.0701 2680  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:53:03.0732 2680  FltMgr - ok
22:53:03.0779 2680  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
22:53:03.0841 2680  FontCache - ok
22:53:03.0904 2680  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:53:03.0904 2680  FontCache3.0.0.0 - ok
22:53:03.0951 2680  [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk     C:\Windows\system32\FsUsbExDisk.SYS
22:53:03.0982 2680  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
22:53:03.0982 2680  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
22:53:04.0013 2680  [ 0796C1E47ADB9825269E64B9DAB4E741 ] FsUsbExService  C:\Windows\system32\FsUsbExService.Exe
22:53:04.0029 2680  FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
22:53:04.0029 2680  FsUsbExService - detected UnsignedFile.Multi.Generic (1)
22:53:04.0060 2680  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:53:04.0107 2680  Fs_Rec - ok
22:53:04.0169 2680  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:53:04.0185 2680  gagp30kx - ok
22:53:04.0216 2680  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:53:04.0263 2680  gpsvc - ok
22:53:04.0294 2680  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:53:04.0341 2680  HdAudAddService - ok
22:53:04.0387 2680  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:53:04.0434 2680  HDAudBus - ok
22:53:04.0465 2680  [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:53:04.0497 2680  HidBth - ok
22:53:04.0528 2680  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:53:04.0575 2680  HidIr - ok
22:53:04.0606 2680  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
22:53:04.0653 2680  hidserv - ok
22:53:04.0668 2680  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:53:04.0699 2680  HidUsb - ok
22:53:04.0731 2680  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:53:04.0777 2680  hkmsvc - ok
22:53:04.0793 2680  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
22:53:04.0809 2680  HpCISSs - ok
22:53:04.0840 2680  [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:53:04.0887 2680  HTTP - ok
22:53:04.0918 2680  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
22:53:04.0933 2680  i2omp - ok
22:53:04.0949 2680  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:53:04.0980 2680  i8042prt - ok
22:53:04.0996 2680  [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:53:05.0011 2680  iaStor - ok
22:53:05.0027 2680  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
22:53:05.0043 2680  iaStorV - ok
22:53:05.0105 2680  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:53:05.0230 2680  idsvc - ok
22:53:05.0370 2680  [ E58042A15DFDF2962B4C26F5C8B4C871 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
22:53:05.0573 2680  igfx - ok
22:53:05.0604 2680  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:53:05.0620 2680  iirsp - ok
22:53:05.0667 2680  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:53:05.0745 2680  IKEEXT - ok
22:53:05.0838 2680  [ 3C1C6F24E968EE92928AB908F35FE05E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:53:06.0010 2680  IntcAzAudAddService - ok
22:53:06.0041 2680  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:53:06.0057 2680  intelide - ok
22:53:06.0088 2680  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:53:06.0228 2680  intelppm - ok
22:53:06.0244 2680  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:53:06.0291 2680  IPBusEnum - ok
22:53:06.0322 2680  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:53:06.0369 2680  IpFilterDriver - ok
22:53:06.0384 2680  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:53:06.0447 2680  iphlpsvc - ok
22:53:06.0447 2680  IpInIp - ok
22:53:06.0462 2680  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
22:53:06.0493 2680  IPMIDRV - ok
22:53:06.0525 2680  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
22:53:06.0556 2680  IPNAT - ok
22:53:06.0571 2680  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:53:06.0618 2680  IRENUM - ok
22:53:06.0634 2680  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:53:06.0649 2680  isapnp - ok
22:53:06.0681 2680  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:53:06.0696 2680  iScsiPrt - ok
22:53:06.0712 2680  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:53:06.0727 2680  iteatapi - ok
22:53:06.0759 2680  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
22:53:06.0759 2680  iteraid - ok
22:53:06.0774 2680  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:53:06.0790 2680  kbdclass - ok
22:53:06.0821 2680  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:53:06.0837 2680  kbdhid - ok
22:53:06.0868 2680  [ CC2A86D7BBF14977340DCA61BBCBA771 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
22:53:06.0883 2680  kbfiltr - ok
22:53:06.0915 2680  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
22:53:06.0946 2680  KeyIso - ok
22:53:06.0993 2680  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:53:07.0024 2680  KSecDD - ok
22:53:07.0071 2680  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:53:07.0133 2680  KtmRm - ok
22:53:07.0180 2680  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:53:07.0289 2680  LanmanServer - ok
22:53:07.0320 2680  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:53:07.0398 2680  LanmanWorkstation - ok
22:53:07.0445 2680  [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:53:07.0523 2680  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:53:07.0523 2680  LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:53:07.0554 2680  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:53:07.0585 2680  lltdio - ok
22:53:07.0617 2680  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:53:07.0663 2680  lltdsvc - ok
22:53:07.0679 2680  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:53:07.0757 2680  lmhosts - ok
22:53:07.0788 2680  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:53:07.0804 2680  LSI_FC - ok
22:53:07.0835 2680  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:53:07.0851 2680  LSI_SAS - ok
22:53:07.0866 2680  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:53:07.0882 2680  LSI_SCSI - ok
22:53:07.0897 2680  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
22:53:07.0944 2680  luafv - ok
22:53:07.0960 2680  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:53:07.0975 2680  megasas - ok
22:53:08.0007 2680  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
22:53:08.0038 2680  MegaSR - ok
22:53:08.0053 2680  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
22:53:08.0131 2680  MMCSS - ok
22:53:08.0194 2680  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
22:53:08.0241 2680  Modem - ok
22:53:08.0272 2680  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:53:08.0303 2680  monitor - ok
22:53:08.0334 2680  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:53:08.0350 2680  mouclass - ok
22:53:08.0350 2680  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:53:08.0397 2680  mouhid - ok
22:53:08.0428 2680  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:53:08.0428 2680  MountMgr - ok
22:53:08.0475 2680  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:53:08.0490 2680  MozillaMaintenance - ok
22:53:08.0537 2680  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:53:08.0553 2680  mpio - ok
22:53:08.0568 2680  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:53:08.0599 2680  mpsdrv - ok
22:53:08.0631 2680  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:53:08.0693 2680  MpsSvc - ok
22:53:08.0724 2680  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:53:08.0740 2680  Mraid35x - ok
22:53:08.0771 2680  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:53:08.0787 2680  MRxDAV - ok
22:53:08.0818 2680  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:53:08.0833 2680  mrxsmb - ok
22:53:08.0865 2680  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:53:08.0896 2680  mrxsmb10 - ok
22:53:08.0911 2680  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:53:08.0927 2680  mrxsmb20 - ok
22:53:08.0958 2680  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
22:53:08.0974 2680  msahci - ok
22:53:08.0989 2680  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:53:09.0021 2680  msdsm - ok
22:53:09.0021 2680  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
22:53:09.0083 2680  MSDTC - ok
22:53:09.0099 2680  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:53:09.0145 2680  Msfs - ok
22:53:09.0161 2680  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:53:09.0177 2680  msisadrv - ok
22:53:09.0255 2680  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:53:09.0301 2680  MSiSCSI - ok
22:53:09.0301 2680  msiserver - ok
22:53:09.0333 2680  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:53:09.0379 2680  MSKSSRV - ok
22:53:09.0411 2680  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:53:09.0457 2680  MSPCLOCK - ok
22:53:09.0457 2680  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:53:09.0504 2680  MSPQM - ok
22:53:09.0535 2680  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:53:09.0551 2680  MsRPC - ok
22:53:09.0567 2680  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:53:09.0598 2680  mssmbios - ok
22:53:09.0598 2680  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:53:09.0629 2680  MSTEE - ok
22:53:09.0660 2680  [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor        C:\Windows\system32\DRIVERS\ATKACPI.sys
22:53:09.0691 2680  MTsensor - ok
22:53:09.0723 2680  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
22:53:09.0738 2680  Mup - ok
22:53:09.0769 2680  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
22:53:09.0847 2680  napagent - ok
22:53:09.0879 2680  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:53:09.0910 2680  NativeWifiP - ok
22:53:09.0941 2680  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:53:09.0988 2680  NDIS - ok
22:53:10.0035 2680  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:53:10.0066 2680  NdisTapi - ok
22:53:10.0097 2680  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:53:10.0128 2680  Ndisuio - ok
22:53:10.0159 2680  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:53:10.0191 2680  NdisWan - ok
22:53:10.0191 2680  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:53:10.0253 2680  NDProxy - ok
22:53:10.0269 2680  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:53:10.0300 2680  NetBIOS - ok
22:53:10.0331 2680  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
22:53:10.0378 2680  netbt - ok
22:53:10.0393 2680  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
22:53:10.0425 2680  Netlogon - ok
22:53:10.0456 2680  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
22:53:10.0534 2680  Netman - ok
22:53:10.0549 2680  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
22:53:10.0612 2680  netprofm - ok
22:53:10.0643 2680  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:53:10.0659 2680  NetTcpPortSharing - ok
22:53:10.0674 2680  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:53:10.0690 2680  nfrd960 - ok
22:53:10.0705 2680  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:53:10.0768 2680  NlaSvc - ok
22:53:10.0799 2680  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:53:10.0846 2680  Npfs - ok
22:53:10.0861 2680  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
22:53:10.0939 2680  nsi - ok
22:53:10.0955 2680  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:53:10.0986 2680  nsiproxy - ok
22:53:11.0049 2680  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:53:11.0111 2680  Ntfs - ok
22:53:11.0158 2680  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
22:53:11.0205 2680  ntrigdigi - ok
22:53:11.0251 2680  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
22:53:11.0283 2680  Null - ok
22:53:11.0298 2680  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:53:11.0314 2680  nvraid - ok
22:53:11.0329 2680  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:53:11.0345 2680  nvstor - ok
22:53:11.0361 2680  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:53:11.0376 2680  nv_agp - ok
22:53:11.0376 2680  NwlnkFlt - ok
22:53:11.0392 2680  NwlnkFwd - ok
22:53:11.0470 2680  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:53:11.0517 2680  odserv - ok
22:53:11.0579 2680  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:53:11.0610 2680  ohci1394 - ok
22:53:11.0641 2680  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:53:11.0657 2680  ose - ok
22:53:11.0704 2680  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
22:53:11.0782 2680  p2pimsvc - ok
22:53:11.0844 2680  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:53:11.0907 2680  p2psvc - ok
22:53:11.0969 2680  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
22:53:12.0031 2680  Parport - ok
22:53:12.0047 2680  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:53:12.0078 2680  partmgr - ok
22:53:12.0078 2680  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
22:53:12.0125 2680  Parvdm - ok
22:53:12.0156 2680  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:53:12.0234 2680  PcaSvc - ok
22:53:12.0281 2680  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
22:53:12.0297 2680  pci - ok
22:53:12.0343 2680  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
22:53:12.0359 2680  pciide - ok
22:53:12.0406 2680  [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:53:12.0421 2680  pcmcia - ok
22:53:12.0453 2680  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:53:12.0531 2680  PEAUTH - ok
22:53:12.0624 2680  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
22:53:12.0702 2680  pla - ok
22:53:12.0749 2680  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:53:12.0827 2680  PlugPlay - ok
22:53:12.0858 2680  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
22:53:12.0905 2680  PNRPAutoReg - ok
22:53:12.0983 2680  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
22:53:13.0077 2680  PNRPsvc - ok
22:53:13.0170 2680  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:53:13.0233 2680  PolicyAgent - ok
22:53:13.0295 2680  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:53:13.0326 2680  PptpMiniport - ok
22:53:13.0357 2680  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
22:53:13.0389 2680  Processor - ok
22:53:13.0435 2680  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:53:13.0513 2680  ProfSvc - ok
22:53:13.0529 2680  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:53:13.0560 2680  ProtectedStorage - ok
22:53:13.0591 2680  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
22:53:13.0623 2680  PSched - ok
22:53:13.0669 2680  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:53:13.0716 2680  ql2300 - ok
22:53:13.0747 2680  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:53:13.0763 2680  ql40xx - ok
22:53:13.0779 2680  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
22:53:13.0841 2680  QWAVE - ok
22:53:13.0888 2680  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:53:13.0919 2680  QWAVEdrv - ok
22:53:13.0935 2680  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:53:13.0966 2680  RasAcd - ok
22:53:13.0997 2680  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
22:53:14.0059 2680  RasAuto - ok
22:53:14.0075 2680  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:53:14.0106 2680  Rasl2tp - ok
22:53:14.0137 2680  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
22:53:14.0200 2680  RasMan - ok
22:53:14.0215 2680  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:53:14.0247 2680  RasPppoe - ok
22:53:14.0309 2680  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:53:14.0340 2680  RasSstp - ok
22:53:14.0371 2680  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:53:14.0403 2680  rdbss - ok
22:53:14.0434 2680  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:53:14.0481 2680  RDPCDD - ok
22:53:14.0512 2680  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
22:53:14.0543 2680  rdpdr - ok
22:53:14.0543 2680  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:53:14.0590 2680  RDPENCDD - ok
22:53:14.0621 2680  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:53:14.0668 2680  RDPWD - ok
22:53:14.0699 2680  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:53:14.0761 2680  RemoteAccess - ok
22:53:14.0793 2680  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:53:14.0839 2680  RemoteRegistry - ok
22:53:14.0871 2680  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:53:14.0902 2680  RFCOMM - ok
22:53:14.0964 2680  [ 06A49B7BDC36CFBF97DD90804F833369 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
22:53:14.0980 2680  RichVideo - ok
22:53:15.0027 2680  [ DED01A389926A89540B82373E4C550EE ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
22:53:15.0058 2680  rimmptsk - ok
22:53:15.0058 2680  [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
22:53:15.0120 2680  rimsptsk - ok
22:53:15.0151 2680  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
22:53:15.0214 2680  RpcLocator - ok
22:53:15.0245 2680  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
22:53:15.0307 2680  RpcSs - ok
22:53:15.0354 2680  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:53:15.0385 2680  rspndr - ok
22:53:15.0417 2680  [ 5C5612756B380BCEDBF566A780FF9AFE ] RTL8023xp       C:\Windows\system32\DRIVERS\Rtnicxp.sys
22:53:15.0495 2680  RTL8023xp - ok
22:53:15.0495 2680  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
22:53:15.0541 2680  SamSs - ok
22:53:15.0557 2680  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:53:15.0573 2680  sbp2port - ok
22:53:15.0604 2680  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:53:15.0682 2680  SCardSvr - ok
22:53:15.0713 2680  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
22:53:15.0838 2680  Schedule - ok
22:53:15.0900 2680  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:53:15.0916 2680  SCPolicySvc - ok
22:53:15.0963 2680  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
22:53:15.0994 2680  sdbus - ok
22:53:16.0041 2680  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:53:16.0134 2680  SDRSVC - ok
22:53:16.0165 2680  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:53:16.0228 2680  secdrv - ok
22:53:16.0275 2680  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
22:53:16.0337 2680  seclogon - ok
22:53:16.0368 2680  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
22:53:16.0431 2680  SENS - ok
22:53:16.0462 2680  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:53:16.0509 2680  Serenum - ok
22:53:16.0524 2680  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
22:53:16.0571 2680  Serial - ok
22:53:16.0587 2680  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:53:16.0618 2680  sermouse - ok
22:53:16.0649 2680  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:53:16.0727 2680  SessionEnv - ok
22:53:16.0743 2680  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
22:53:16.0758 2680  sffdisk - ok
22:53:16.0774 2680  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:53:16.0805 2680  sffp_mmc - ok
22:53:16.0836 2680  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
22:53:16.0883 2680  sffp_sd - ok
22:53:16.0899 2680  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:53:16.0930 2680  sfloppy - ok
22:53:16.0961 2680  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:53:17.0008 2680  SharedAccess - ok
22:53:17.0039 2680  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:53:17.0117 2680  ShellHWDetection - ok
22:53:17.0148 2680  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:53:17.0164 2680  sisagp - ok
22:53:17.0179 2680  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
22:53:17.0195 2680  SiSRaid2 - ok
22:53:17.0211 2680  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:53:17.0226 2680  SiSRaid4 - ok
22:53:17.0382 2680  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
22:53:17.0554 2680  slsvc - ok
22:53:17.0585 2680  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
22:53:17.0647 2680  SLUINotify - ok
22:53:17.0663 2680  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:53:17.0694 2680  Smb - ok
22:53:17.0757 2680  [ C8A58FC905C9184FA70E37F71060C64D ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
22:53:17.0819 2680  smserial - ok
22:53:17.0866 2680  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:53:17.0913 2680  SNMPTRAP - ok
22:53:17.0975 2680  [ 8F6838AEEBC79E8898C2065D969C47CC ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
22:53:18.0100 2680  SNP2UVC - ok
22:53:18.0131 2680  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
22:53:18.0147 2680  spldr - ok
22:53:18.0178 2680  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
22:53:18.0256 2680  Spooler - ok
22:53:18.0287 2680  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:53:18.0334 2680  srv - ok
22:53:18.0396 2680  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:53:18.0459 2680  srv2 - ok
22:53:18.0474 2680  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:53:18.0490 2680  srvnet - ok
22:53:18.0521 2680  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:53:18.0599 2680  SSDPSRV - ok
22:53:18.0615 2680  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:53:18.0693 2680  SstpSvc - ok
22:53:18.0724 2680  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
22:53:18.0817 2680  stisvc - ok
22:53:18.0864 2680  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:53:18.0895 2680  swenum - ok
22:53:18.0911 2680  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
22:53:18.0989 2680  swprv - ok
22:53:19.0098 2680  [ 438FAFE708C93B2236FC26B6F2BD5FD0 ] Symantec Core LC C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
22:53:19.0161 2680  Symantec Core LC - ok
22:53:19.0176 2680  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
22:53:19.0192 2680  Symc8xx - ok
22:53:19.0223 2680  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
22:53:19.0239 2680  Sym_hi - ok
22:53:19.0254 2680  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
22:53:19.0270 2680  Sym_u3 - ok
22:53:19.0301 2680  [ 55F6E55CC2430CA8713387106FA79817 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:53:19.0317 2680  SynTP - ok
22:53:19.0395 2680  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
22:53:19.0473 2680  SysMain - ok
22:53:19.0535 2680  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:53:19.0629 2680  TabletInputService - ok
22:53:19.0675 2680  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:53:19.0738 2680  TapiSrv - ok
22:53:19.0769 2680  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
22:53:19.0847 2680  TBS - ok
22:53:19.0894 2680  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:53:19.0956 2680  Tcpip - ok
22:53:20.0019 2680  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
22:53:20.0050 2680  Tcpip6 - ok
22:53:20.0112 2680  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:53:20.0128 2680  tcpipreg - ok
22:53:20.0143 2680  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:53:20.0190 2680  TDPIPE - ok
22:53:20.0206 2680  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:53:20.0253 2680  TDTCP - ok
22:53:20.0299 2680  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:53:20.0315 2680  tdx - ok
22:53:20.0393 2680  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:53:20.0409 2680  TermDD - ok
22:53:20.0440 2680  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
22:53:20.0549 2680  TermService - ok
22:53:20.0565 2680  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
22:53:20.0627 2680  Themes - ok
22:53:20.0627 2680  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
22:53:20.0674 2680  THREADORDER - ok
22:53:20.0705 2680  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
22:53:20.0783 2680  TrkWks - ok
22:53:20.0830 2680  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:53:20.0877 2680  TrustedInstaller - ok
22:53:20.0908 2680  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:53:20.0939 2680  tssecsrv - ok
22:53:20.0955 2680  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
22:53:20.0986 2680  tunmp - ok
22:53:21.0001 2680  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:53:21.0033 2680  tunnel - ok
22:53:21.0048 2680  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:53:21.0064 2680  uagp35 - ok
22:53:21.0079 2680  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:53:21.0111 2680  udfs - ok
22:53:21.0157 2680  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:53:21.0235 2680  UI0Detect - ok
22:53:21.0267 2680  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:53:21.0282 2680  uliagpkx - ok
22:53:21.0298 2680  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
22:53:21.0313 2680  uliahci - ok
22:53:21.0345 2680  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
22:53:21.0360 2680  UlSata - ok
22:53:21.0391 2680  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
22:53:21.0407 2680  ulsata2 - ok
22:53:21.0423 2680  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:53:21.0469 2680  umbus - ok
22:53:21.0516 2680  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
22:53:21.0594 2680  upnphost - ok
22:53:21.0625 2680  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:53:21.0657 2680  usbccgp - ok
22:53:21.0688 2680  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:53:21.0750 2680  usbcir - ok
22:53:21.0781 2680  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:53:21.0813 2680  usbehci - ok
22:53:21.0844 2680  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:53:21.0875 2680  usbhub - ok
22:53:21.0891 2680  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:53:21.0937 2680  usbohci - ok
22:53:21.0969 2680  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:53:22.0000 2680  usbprint - ok
22:53:22.0031 2680  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:53:22.0062 2680  usbscan - ok
22:53:22.0078 2680  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:53:22.0109 2680  USBSTOR - ok
22:53:22.0125 2680  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:53:22.0156 2680  usbuhci - ok
22:53:22.0203 2680  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:53:22.0234 2680  usbvideo - ok
22:53:22.0281 2680  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
22:53:22.0359 2680  UxSms - ok
22:53:22.0421 2680  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
22:53:22.0499 2680  vds - ok
22:53:22.0561 2680  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:53:22.0608 2680  vga - ok
22:53:22.0624 2680  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:53:22.0671 2680  VgaSave - ok
22:53:22.0686 2680  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:53:22.0702 2680  viaagp - ok
22:53:22.0717 2680  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
22:53:22.0749 2680  ViaC7 - ok
22:53:22.0764 2680  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
22:53:22.0780 2680  viaide - ok
22:53:22.0795 2680  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:53:22.0811 2680  volmgr - ok
22:53:22.0842 2680  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:53:22.0873 2680  volmgrx - ok
22:53:22.0905 2680  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:53:22.0936 2680  volsnap - ok
22:53:22.0967 2680  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:53:22.0983 2680  vsmraid - ok
22:53:23.0029 2680  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
22:53:23.0123 2680  VSS - ok
22:53:23.0232 2680  [ 4B817450226F93C31ADD5BCC27FED27A ] vToolbarUpdater15.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
22:53:23.0263 2680  vToolbarUpdater15.2.0 - ok
22:53:23.0310 2680  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
22:53:23.0419 2680  W32Time - ok
22:53:23.0451 2680  [ B8C182DF79AC8938311AC8E193D52762 ] w800bus         C:\Windows\system32\DRIVERS\w800bus.sys
22:53:23.0513 2680  w800bus - ok
22:53:23.0529 2680  [ EA5FD1AA88EA436BC6218282507EF450 ] w800mdfl        C:\Windows\system32\DRIVERS\w800mdfl.sys
22:53:23.0544 2680  w800mdfl ( UnsignedFile.Multi.Generic ) - warning
22:53:23.0544 2680  w800mdfl - detected UnsignedFile.Multi.Generic (1)
22:53:23.0560 2680  [ 806ECED80C80EE07DD32FF720CA9D8D6 ] w800mdm         C:\Windows\system32\DRIVERS\w800mdm.sys
22:53:23.0591 2680  w800mdm ( UnsignedFile.Multi.Generic ) - warning
22:53:23.0591 2680  w800mdm - detected UnsignedFile.Multi.Generic (1)
22:53:23.0607 2680  [ B420B0023F068CBF00E1B9591BED1437 ] w800mgmt        C:\Windows\system32\DRIVERS\w800mgmt.sys
22:53:23.0622 2680  w800mgmt ( UnsignedFile.Multi.Generic ) - warning
22:53:23.0622 2680  w800mgmt - detected UnsignedFile.Multi.Generic (1)
22:53:23.0653 2680  [ DCD2BE4EBB36CFAC0FE9094D5AA2C618 ] w800obex        C:\Windows\system32\DRIVERS\w800obex.sys
22:53:23.0669 2680  w800obex ( UnsignedFile.Multi.Generic ) - warning
22:53:23.0669 2680  w800obex - detected UnsignedFile.Multi.Generic (1)
22:53:23.0669 2680  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:53:23.0731 2680  WacomPen - ok
22:53:23.0763 2680  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:53:23.0794 2680  Wanarp - ok
22:53:23.0809 2680  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:53:23.0841 2680  Wanarpv6 - ok
22:53:23.0872 2680  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:53:23.0934 2680  wcncsvc - ok
22:53:23.0981 2680  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:53:24.0059 2680  WcsPlugInService - ok
22:53:24.0075 2680  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
22:53:24.0106 2680  Wd - ok
22:53:24.0137 2680  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:53:24.0168 2680  Wdf01000 - ok
22:53:24.0215 2680  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:53:24.0293 2680  WdiServiceHost - ok
22:53:24.0309 2680  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:53:24.0387 2680  WdiSystemHost - ok
22:53:24.0433 2680  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
22:53:24.0511 2680  WebClient - ok
22:53:24.0527 2680  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:53:24.0589 2680  Wecsvc - ok
22:53:24.0621 2680  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:53:24.0683 2680  wercplsupport - ok
22:53:24.0714 2680  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:53:24.0777 2680  WerSvc - ok
22:53:24.0839 2680  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:53:24.0855 2680  WinDefend - ok
22:53:24.0855 2680  WinHttpAutoProxySvc - ok
22:53:24.0917 2680  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:53:25.0182 2680  Winmgmt - ok
22:53:25.0245 2680  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:53:25.0338 2680  WinRM - ok
22:53:25.0463 2680  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:53:25.0588 2680  Wlansvc - ok
22:53:25.0728 2680  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:53:25.0791 2680  wlidsvc - ok
22:53:25.0869 2680  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:53:25.0915 2680  WmiAcpi - ok
22:53:25.0947 2680  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:53:25.0993 2680  wmiApSrv - ok
22:53:26.0056 2680  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:53:26.0165 2680  WMPNetworkSvc - ok
22:53:26.0196 2680  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:53:26.0305 2680  WPCSvc - ok
22:53:26.0337 2680  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:53:26.0399 2680  WPDBusEnum - ok
22:53:26.0493 2680  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
22:53:26.0524 2680  WpdUsb - ok
22:53:26.0555 2680  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:53:26.0586 2680  ws2ifsl - ok
22:53:26.0617 2680  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
22:53:26.0695 2680  wscsvc - ok
22:53:26.0695 2680  WSearch - ok
22:53:26.0758 2680  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:53:26.0898 2680  wuauserv - ok
22:53:26.0961 2680  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:53:26.0992 2680  WudfPf - ok
22:53:27.0023 2680  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:53:27.0054 2680  WUDFRd - ok
22:53:27.0101 2680  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:53:27.0179 2680  wudfsvc - ok
22:53:27.0257 2680  [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
22:53:27.0319 2680  yukonwlh - ok
22:53:27.0351 2680  ================ Scan global ===============================
22:53:27.0382 2680  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:53:27.0429 2680  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
22:53:27.0538 2680  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
22:53:27.0631 2680  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:53:27.0678 2680  [Global] - ok
22:53:27.0678 2680  ================ Scan MBR ==================================
22:53:27.0694 2680  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
22:53:28.0053 2680  \Device\Harddisk0\DR0 - ok
22:53:28.0053 2680  ================ Scan VBR ==================================
22:53:28.0099 2680  [ 8C69B75B146DE6D22257EC78BD4DABC1 ] \Device\Harddisk0\DR0\Partition1
22:53:28.0099 2680  \Device\Harddisk0\DR0\Partition1 - ok
22:53:28.0099 2680  [ 581352BDBE5BFC4BAC50C20BDED35AC5 ] \Device\Harddisk0\DR0\Partition2
22:53:28.0099 2680  \Device\Harddisk0\DR0\Partition2 - ok
22:53:28.0146 2680  [ EA2D3081741110874DAE30DF36F513E9 ] \Device\Harddisk0\DR0\Partition3
22:53:28.0146 2680  \Device\Harddisk0\DR0\Partition3 - ok
22:53:28.0162 2680  [ 648C6FA75679F550ABE6D935B9878C7B ] \Device\Harddisk0\DR0\Partition4
22:53:28.0162 2680  \Device\Harddisk0\DR0\Partition4 - ok
22:53:28.0162 2680  ============================================================
22:53:28.0162 2680  Scan finished
22:53:28.0162 2680  ============================================================
22:53:28.0177 3156  Detected object count: 10
22:53:28.0177 3156  Actual detected object count: 10
22:54:30.0921 3156  ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:30.0921 3156  ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:30.0921 3156  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:30.0921 3156  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:30.0936 3156  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:30.0936 3156  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:30.0936 3156  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:30.0936 3156  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:30.0936 3156  FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:30.0936 3156  FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:30.0936 3156  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:30.0936 3156  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:30.0952 3156  w800mdfl ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:30.0952 3156  w800mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:30.0952 3156  w800mdm ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:30.0952 3156  w800mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:30.0952 3156  w800mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:30.0952 3156  w800mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:30.0952 3156  w800obex ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:30.0952 3156  w800obex ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:55:04.0960 5324  Deinitialize success

Grüße
Andy.pol

cosinus · 27.05.2013, 22:32

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Andy.pol · 28.05.2013, 00:21

Hallo cosinus,

anbei die Logfiles:

1. JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Basic x86
Ran by Kunde on 27.05.2013 at 23:38:11,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] browserprotect 
Successfully deleted: [Service] browserprotect 



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3796133184-2747058595-3010327798-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\lowregistry\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a6eb8fe4c9986914497e92c7f5a702e3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a6eb8fe4c9986914497e92c7f5a702e3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Kunde\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Kunde\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Kunde\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Kunde\appdata\locallow\pdfforge"
Successfully deleted: [Folder] "C:\Users\Kunde\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files\pdfforge toolbar"
Successfully deleted: [Folder] "C:\Users\Kunde\AppData\Roaming\microsoft\windows\start menu\programs\BrowserProtect"



~~~ FireFox

Successfully deleted: [File] C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\user.js
Successfully deleted: [File] C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\searchplugins\delta.xml
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com"
Successfully deleted the following from C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\prefs.js

user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "acf6136800000000000000224383e24b");
user_pref("extensions.delta.instlDay", "15849");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.520:39:42");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119357&tt=gc_");
user_pref("extensions.delta_i.srcExt", "ss");
Emptied folder: C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\minidumps [25 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.05.2013 at 23:40:03,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. AdwCleaner

Code:

ATTFilter

# AdwCleaner v2.301 - Datei am 28/05/2013 um 00:09:57 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Kunde - KUNDEN-NB
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kunde\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Users\Kunde\AppData\Local\Temp\avg@toolbar
Ordner Gelöscht : C:\Users\Kunde\AppData\LocalLow\AVG Secure Search

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\5b6ded9b43cec41
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\BrowserProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\5b6ded9b43cec41
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Kunde\AppData\Roaming\Mozilla\Firefox\Profiles\caserjqh.default\prefs.js

Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.2.0.5");
Gelöscht : user_pref("avg.install.userSPSettings", "AVG Secure Search");

*************************

AdwCleaner[S1].txt - [377 octets] - [27/05/2013 23:41:20]
AdwCleaner[S2].txt - [7572 octets] - [28/05/2013 00:09:57]

########## EOF - C:\AdwCleaner[S2].txt - [7632 octets] ##########

3. OTL

Code:

ATTFilter

OTL logfile created on: 28.05.2013 01:08:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kunde\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,52% Memory free
6,18 Gb Paging File | 4,97 Gb Available in Paging File | 80,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,46 Gb Total Space | 19,91 Gb Free Space | 18,03% Space Free | Partition Type: NTFS
Drive D: | 58,95 Gb Total Space | 56,81 Gb Free Space | 96,37% Space Free | Partition Type: NTFS
Drive F: | 53,71 Gb Total Space | 48,75 Gb Free Space | 90,77% Space Free | Partition Type: NTFS
Drive H: | 9,76 Gb Total Space | 5,18 Gb Free Space | 53,04% Space Free | Partition Type: FAT32
 
Computer Name: KUNDEN-NB | User Name: Kunde | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kunde\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Windows\ASScrPro.exe ()
MOD - C:\Program files\P4G\OvrClk.dll ()
MOD - C:\Program files\P4G\DevMng.dll ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
MOD - C:\Program Files\ATKGFNEX\AGFNEX.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater15.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Symantec Core LC) -- C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz132) -- C:\Users\Kunde\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (w800bus) -- C:\Windows\System32\drivers\w800bus.sys (MCCI)
DRV - (w800obex) -- C:\Windows\System32\drivers\w800obex.sys (MCCI)
DRV - (w800mgmt) -- C:\Windows\System32\drivers\w800mgmt.sys (MCCI)
DRV - (w800mdm) -- C:\Windows\System32\drivers\w800mdm.sys (MCCI)
DRV - (w800mdfl) -- C:\Windows\System32\drivers\w800mdfl.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\..\SearchScopes\{7D4539A9-D7B3-4C67-ADD7-A5BAFC5DAE18}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 20:56:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.24 20:56:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 20:56:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.24 20:56:00 | 000,000,000 | ---D | M]
 
[2012.02.01 21:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kunde\AppData\Roaming\mozilla\Extensions
[2009.09.26 13:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kunde\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.05.24 20:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kunde\AppData\Roaming\mozilla\Firefox\Profiles\caserjqh.default\extensions
[2013.05.27 23:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.05.24 20:55:58 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2013.05.24 20:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013.05.24 20:56:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.03.06 09:31:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - Startup: C:\Users\Kunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kunde\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240CE465-C3AF-4234-A791-2C2008F083F1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6648191f-e2ca-11df-8a0e-00248cc3feb5}\Shell\AutoRun\command - "" = G:\installer.exe
O33 - MountPoints2\{6648191f-e2ca-11df-8a0e-00248cc3feb5}\Shell\verb\command - "" = G:\installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.27 23:38:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.27 23:37:27 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.27 23:37:27 | 000,000,000 | ---D | C] -- \JRT
[2013.05.27 23:35:47 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Kunde\Desktop\JRT.exe
[2013.05.27 22:37:45 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kunde\Desktop\tdsskiller.exe
[2013.05.27 22:37:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Kunde\Desktop\aswMBR.exe
[2013.05.26 22:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.05.26 22:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.26 22:35:52 | 000,000,000 | ---D | C] -- C:\Users\Kunde\Desktop\mbar-1.06.0.1003
[2013.05.26 19:55:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kunde\Desktop\OTL.exe
[2013.05.24 21:20:23 | 000,000,000 | ---D | C] -- C:\Users\Kunde\Local Settings
[2013.05.24 20:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.24 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\Kunde\AppData\Roaming\DSite
[2013.05.22 22:24:04 | 000,000,000 | ---D | C] -- C:\Users\Kunde\AppData\Roaming\TagScanner
[2013.05.22 22:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
[2013.05.22 22:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\TagScanner
[2013.05.21 22:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.05.14 22:37:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.14 22:33:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.14 22:33:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.14 22:33:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.14 22:33:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.14 22:33:43 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.14 22:33:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.14 22:33:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.14 21:37:48 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.05.14 21:37:44 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.12 16:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D-Garten 8.0
[2013.05.12 15:57:22 | 000,000,000 | ---D | C] -- C:\Users\Kunde\Documents\3D-Garten 8.0 Beispiele
[2013.05.12 15:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\GARTEN8C
[2013.05.12 15:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\3D-Garten 8.0
[2013.05.08 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.05.08 23:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.28 01:03:29 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.05.28 01:03:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 01:03:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 01:03:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 01:03:04 | 3212,042,240 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.28 01:02:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.28 01:01:48 | 000,000,178 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.28 00:57:39 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.27 23:36:13 | 000,632,031 | ---- | M] () -- C:\Users\Kunde\Desktop\adwcleaner.exe
[2013.05.27 23:35:48 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Kunde\Desktop\JRT.exe
[2013.05.27 22:51:46 | 000,000,512 | ---- | M] () -- C:\Users\Kunde\Desktop\MBR.dat
[2013.05.27 22:38:51 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Kunde\Desktop\aswMBR.exe
[2013.05.27 22:37:49 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kunde\Desktop\tdsskiller.exe
[2013.05.26 22:58:01 | 013,338,660 | ---- | M] () -- C:\Users\Kunde\Desktop\mbar-1.06.0.1003.zip
[2013.05.26 21:05:19 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013.05.26 20:48:54 | 000,000,680 | ---- | M] () -- C:\Users\Kunde\AppData\Local\d3d9caps.dat
[2013.05.26 20:23:28 | 000,377,856 | ---- | M] () -- C:\Users\Kunde\Desktop\gmer_2.1.19163.exe
[2013.05.26 19:55:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kunde\Desktop\OTL.exe
[2013.05.26 07:53:47 | 000,002,631 | ---- | M] () -- C:\Users\Kunde\Desktop\Microsoft Office Word 2007.lnk
[2013.05.24 20:39:16 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.05.22 22:24:00 | 000,000,817 | ---- | M] () -- C:\Users\Kunde\Desktop\TagScanner.lnk
[2013.05.21 22:50:19 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.05.21 22:41:02 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.05.20 13:07:23 | 000,682,590 | ---- | M] () -- C:\Users\Kunde\Desktop\23442_xxx_Aupl_HSB_PDF.pdf
[2013.05.20 11:43:58 | 000,765,985 | ---- | M] () -- C:\Users\Kunde\Desktop\Bild 3 001.jpg
[2013.05.20 11:42:38 | 000,794,069 | ---- | M] () -- C:\Users\Kunde\Desktop\Bild 2 001.jpg
[2013.05.20 11:40:32 | 001,055,633 | ---- | M] () -- C:\Users\Kunde\Desktop\Bild 1 001.jpg
[2013.05.20 08:58:10 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.20 08:58:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.16 21:12:18 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.16 21:12:18 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.16 21:12:18 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.16 21:12:18 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.16 21:05:33 | 000,270,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.12 16:05:04 | 000,001,695 | ---- | M] () -- C:\Users\Public\Desktop\3D-Garten 8.0.lnk
[2013.05.12 11:04:49 | 000,120,666 | ---- | M] () -- C:\Users\Kunde\Desktop\Grundriss_Carport_und_Garage.pdf
[2013.05.12 11:03:57 | 003,729,960 | R--- | M] () -- C:\Users\Kunde\Desktop\%0d%0a Garage_und_Carport_in_grautönen.jpg
[2013.05.10 19:09:24 | 000,002,633 | ---- | M] () -- C:\Users\Kunde\Desktop\Microsoft Office Excel 2007.lnk
[2013.05.08 23:01:08 | 000,001,197 | ---- | M] () -- C:\Users\Kunde\Desktop\Free YouTube to MP3 Converter.lnk
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.28 19:40:29 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.27 23:41:37 | 000,000,178 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.27 23:36:11 | 000,632,031 | ---- | C] () -- C:\Users\Kunde\Desktop\adwcleaner.exe
[2013.05.27 22:51:46 | 000,000,512 | ---- | C] () -- C:\Users\Kunde\Desktop\MBR.dat
[2013.05.26 22:34:28 | 013,338,660 | ---- | C] () -- C:\Users\Kunde\Desktop\mbar-1.06.0.1003.zip
[2013.05.26 21:04:55 | 3212,042,240 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.26 21:04:55 | 3212,042,240 | -HS- | C] () -- \hiberfil.sys
[2013.05.26 20:48:54 | 000,000,680 | ---- | C] () -- C:\Users\Kunde\AppData\Local\d3d9caps.dat
[2013.05.26 20:23:26 | 000,377,856 | ---- | C] () -- C:\Users\Kunde\Desktop\gmer_2.1.19163.exe
[2013.05.24 20:39:16 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.05.22 22:24:00 | 000,000,817 | ---- | C] () -- C:\Users\Kunde\Desktop\TagScanner.lnk
[2013.05.20 13:07:18 | 000,682,590 | ---- | C] () -- C:\Users\Kunde\Desktop\23442_xxx_Aupl_HSB_PDF.pdf
[2013.05.20 11:43:58 | 000,765,985 | ---- | C] () -- C:\Users\Kunde\Desktop\Bild 3 001.jpg
[2013.05.20 11:42:38 | 000,794,069 | ---- | C] () -- C:\Users\Kunde\Desktop\Bild 2 001.jpg
[2013.05.20 11:40:32 | 001,055,633 | ---- | C] () -- C:\Users\Kunde\Desktop\Bild 1 001.jpg
[2013.05.12 16:05:04 | 000,001,695 | ---- | C] () -- C:\Users\Public\Desktop\3D-Garten 8.0.lnk
[2013.05.12 11:04:48 | 000,120,666 | ---- | C] () -- C:\Users\Kunde\Desktop\Grundriss_Carport_und_Garage.pdf
[2013.05.12 11:03:48 | 003,729,960 | R--- | C] () -- C:\Users\Kunde\Desktop\%0d%0a Garage_und_Carport_in_grautönen.jpg
[2013.05.08 23:01:08 | 000,001,197 | ---- | C] () -- C:\Users\Kunde\Desktop\Free YouTube to MP3 Converter.lnk
[2013.03.11 21:05:05 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.03.11 21:05:05 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012.05.24 01:49:44 | 000,142,111 | ---- | C] () -- C:\Users\Kunde\xxx.elfo
[2011.05.23 22:42:23 | 000,146,064 | ---- | C] () -- C:\Users\Kunde\xxx.elfo
[2010.07.06 21:26:44 | 000,178,322 | ---- | C] () -- C:\Users\Kunde\xxx.elfo
[2010.06.28 00:24:17 | 000,000,211 | -HS- | C] () -- \boot.ini
[2010.06.27 22:52:12 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2010.06.27 22:52:12 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009.10.05 15:07:56 | 000,000,058 | ---- | C] () -- C:\Users\Kunde\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009.07.04 14:58:51 | 000,025,600 | ---- | C] () -- C:\Users\Kunde\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.14 04:23:17 | 000,000,027 | ---- | C] () -- \Driver.20
[2008.12.09 08:37:37 | 001,048,576 | RH-- | C] () -- \X58LE.BIN
[2008.11.06 05:14:01 | 000,000,022 | ---- | C] () -- \RECOVERY.DAT
[2008.04.16 11:45:26 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008.04.16 11:45:24 | 000,333,257 | RHS- | C] () -- \bootmgr
[2008.04.14 14:00:00 | 000,251,712 | RHS- | C] () -- \ntldr
[2008.04.14 14:00:00 | 000,047,564 | RHS- | C] () -- \NTDETECT.COM
[2008.04.14 14:00:00 | 000,004,952 | RHS- | C] () -- \bootfont.bin
[2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Viele Grüße

Andy.pol

cosinus · 28.05.2013, 08:39

Code:

ATTFilter

[2012.05.24 01:49:44 | 000,142,111 | ---- | C] () -- C:\Users\Kunde\xxx.elfo
[2011.05.23 22:42:23 | 000,146,064 | ---- | C] () -- C:\Users\Kunde\xxx.elfo
[2010.07.06 21:26:44 | 000,178,322 | ---- | C] () -- C:\Users\Kunde\xxx.elfo

hm, wasn das? Hast du jeden im Log ersichtlichen Benutzernamen zu "Kunde" editiert?

Andy.pol · 29.05.2013, 11:29

Hallo cosinus,
nein, der Computers wurde damals vom Händler so konfiguriert. Als Name: Kunde bzw. NB Kunde.

Grüße Andy.pol

cosinus · 29.05.2013, 12:37

Das mag vllt sein, aber hast du jeden Benutzernamen in "Kunde" im Log geändert?
Wie das so im Log steht, ist eine Speicherung im Dateisystem nämlich nicht möglich, denn ein Verzeichnis kann nicht mehrere Dateien mit ein und demselben Dateinamen speichern.

Andy.pol · 30.05.2013, 16:36

Hallo cosinus,

es hat jetzt ein bisl gedauert...
...also ich habe im Log nur in den 3 von Dir geposteten den Dateinamen geändert:
Also statt meines Names habe ich "xxx" gesetzt. Dadurch kommen dann die 3 gleichen Datei dabei raus...
Den Ordner bzw. "Kunde" habe ich allerdings nicht verändert.

Grüße
Andy.pol

cosinus · 30.05.2013, 21:55

Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Andy.pol · 31.05.2013, 19:16

Hallo cosinus,

so, hier die Lofiles:

1) MBAM (Vollscan):

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.31.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kunde :: KUNDEN-NB [Administrator]

31.05.2013 07:20:33
mbam-log-2013-05-31 (07-20-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364722
Laufzeit: 1 Stunde(n), 30 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

2) Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=aea024fed109be44a3015ca895bde7d1
# engine=13959
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-31 02:42:02
# local_time=2013-05-31 04:42:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1039 16777213 100 92 83167 57145306 0 0
# compatibility_mode=5892 16776574 100 95 54383524 207544094 0 0
# scanned=267331
# found=0
# cleaned=0
# scan_time=20075

Viele Grüße
Andy.pol

cosinus · 31.05.2013, 20:20

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

26.05.2013, 19:38	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	System-Wiederherstellung nicht mehr möglich, programm browserprotect bit 89 neu und lässt sich nicht entfernen In der Anleitungen stehen doch Hinweise was du tun musst wenn Probleme auftreten __________________ Logfiles bitte immer in CODE-Tags posten

26.05.2013, 21:57	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	System-Wiederherstellung nicht mehr möglich, programm browserprotect bit 89 neu und lässt sich nicht entfernen Dann lass GMER einfach sein und mach mit dem anderen Tool weiter __________________ __________________

System-Wiederherstellung nicht mehr möglich, programm browserprotect bit 89 neu und lässt sich nicht entfernen

Plagegeister aller Art und deren Bekämpfung: System-Wiederherstellung nicht mehr möglich, programm browserprotect bit 89 neu und lässt sich nicht entfernen