Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Babylon Search im Firefox und IE

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.01.2013, 19:11   #1
Bim
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



Hallo,

ich habe mir heute(?) offensichtlich irgend etwas recht merkwürdiges eingefangen.
Die Suchfunktion Babylon Search.

Ich hatte schon angefangen mit verschiedenen Hinweisen aus dem Internet und eigen Ideen. So habe ich natürlich Versucht die Startseite einfach wieder zu ändern und den Addone zu entfernen. Ebenfalls habe ich über Programme und Funktionen die Deinstallation durchgeführt.

Mit AdwCleaner wie hier beschrieben http://www.trojaner-board.de/127355-babylon-search.html war ich auch schon dran und hatte ein Scan mit OTL gemacht, bis zu dem Punkt des Fix OTL, wo dann deutlich stand das dies ein Benutzerspezifisches Skipt ist.

Im Firefox habe ich nun nichts mehr, jedoch besteht das Problem weiterhin im IE und wie hier öfters schon geschrieben wurde, ist damit das System nicht sauber. Deswegen wende ich mich nochmal an euch.

Mein System ist ein Win7 Home Premium 64Bit.

Im Anhang sind die Logs

Die Dateien an denen mit Skript Steht wurden mit dem was hier steht http://www.trojaner-board.de/127355-babylon-search.html gescannt.
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES(X86)%\*.*
%appdata%\*.
%appdata%\*.*
%localappdata%\*.
%localappdata%\*.*
%allusersprofile%\*.
%allusersprofile%\*.*
CREATERESTOREPOINT

Die AdwCleaner Log und die Extra beim 2ten ORL Scann sind nicht auffindbar, warum auch immer.

Ich hoffe man kann mit weiterhelfen.

Besten Gruß
Angehängte Dateien
Dateityp: zip Logs.zip (58,1 KB, 42x aufgerufen)

Alt 20.01.2013, 19:13   #2
markusg
/// Malware-holic
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



hi
das adw cleaner log fehlt noch.
__________________

__________________

Alt 20.01.2013, 22:26   #3
Bim
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



Ich hatte AdwCleaner direkt auf Löschen geklickt, habe leider nach dem Neustart keinerlei Textdokument bekommen und ist nicht auf dem Rechner auffindbar.

Habe dann soeben im AdwCleaner eine Suche gemacht, dabei ist folgendes raus gekommen:

Code:
ATTFilter
# AdwCleaner v2.106 - Datei am 20/01/2013 um 22:07:09 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sven\Downloads\adwcleaner06.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : BrowserProtect
Gefunden : ICQ Service

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\bprotector_prefs.js
Datei Gefunden : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\searchplugins\babylon1.xml
Datei Gefunden : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\searchplugins\BrowserProtect.xml
Datei Gefunden : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\searchplugins\icqplugin-3.xml
Datei Gefunden : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\searchplugins\safesearch.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\BabylonToolbar
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\BrowserProtect
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Sven\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\Sven\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Sven\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gefunden : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\857dddcb335ba45
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\857dddcb335ba45
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\S-1-5-21-1334590940-1113963129-2406187371-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-1334590940-1113963129-2406187371-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-1334590940-1113963129-2406187371-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109718&tt=0313_7&babsrc=HP_ss&mntrId=ca3579f4000000000000485b390c31df
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.babylon.com/?affID=109718&tt=0313_7&babsrc=HP_ss&mntrId=ca3579f4000000000000485b390c31df

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\prefs.js

Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gefunden : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.id", "ca3579f4000000000000485b390c31df");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15725");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.rvrt", "false");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109718&tt=0313_7");
Gefunden : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.215:39:44");

*************************

AdwCleaner[R1].txt - [17314 octets] - [20/01/2013 22:07:09]

########## EOF - C:\AdwCleaner[R1].txt - [17375 octets] ##########
         
__________________

Alt 21.01.2013, 14:24   #4
markusg
/// Malware-holic
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



du hast gesagt verschiedene, was hast du noch gemacht poste bitte alles was du bisher unternommen hast
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.01.2013, 15:00   #5
Bim
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



Ich habe die Startseit im firefox manuel geändert, ich habe unter addons im firefox entfernt geklickt und unter programme und funktionen deinstaliert.
Schlussentlich habe ich noch, wie es im Internet stand über about:config im firefox auch dort die Startseit manuel geändert.

Und mit adwcleaner einmal ein loeschen ausgeführt.

Das müsste es dann gewesen sein.


Alt 21.01.2013, 15:16   #6
markusg
/// Malware-holic
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



ok
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________
--> Babylon Search im Firefox und IE

Alt 21.01.2013, 17:31   #7
Bim
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



Jo,

Code:
ATTFilter
17:25:56.0544 3624  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:25:57.0168 3624  ============================================================
17:25:57.0168 3624  Current date / time: 2013/01/21 17:25:57.0168
17:25:57.0168 3624  SystemInfo:
17:25:57.0168 3624  
17:25:57.0168 3624  OS Version: 6.1.7601 ServicePack: 1.0
17:25:57.0168 3624  Product type: Workstation
17:25:57.0168 3624  ComputerName: xxx
17:25:57.0168 3624  UserName: xxx
17:25:57.0168 3624  Windows directory: C:\Windows
17:25:57.0168 3624  System windows directory: C:\Windows
17:25:57.0168 3624  Running under WOW64
17:25:57.0168 3624  Processor architecture: Intel x64
17:25:57.0168 3624  Number of processors: 4
17:25:57.0168 3624  Page size: 0x1000
17:25:57.0168 3624  Boot type: Normal boot
17:25:57.0168 3624  ============================================================
17:25:58.0197 3624  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:25:58.0213 3624  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:25:58.0556 3624  ============================================================
17:25:58.0556 3624  \Device\Harddisk0\DR0:
17:25:58.0556 3624  MBR partitions:
17:25:58.0556 3624  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0xE8E0360
17:25:58.0572 3624  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1062B517, BlocksNum 0x29D5972A
17:25:58.0572 3624  \Device\Harddisk1\DR1:
17:25:58.0572 3624  MBR partitions:
17:25:58.0572 3624  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A182C1
17:25:58.0572 3624  ============================================================
17:25:58.0618 3624  C: <-> \Device\Harddisk0\DR0\Partition1
17:25:58.0650 3624  D: <-> \Device\Harddisk0\DR0\Partition2
17:25:58.0728 3624  F: <-> \Device\Harddisk1\DR1\Partition1
17:25:58.0728 3624  ============================================================
17:25:58.0728 3624  Initialize success
17:25:58.0728 3624  ============================================================
17:27:22.0899 6108  ============================================================
17:27:22.0899 6108  Scan started
17:27:22.0899 6108  Mode: Manual; SigCheck; TDLFS; 
17:27:22.0899 6108  ============================================================
17:27:24.0724 6108  ================ Scan system memory ========================
17:27:24.0724 6108  System memory - ok
17:27:24.0724 6108  ================ Scan services =============================
17:27:24.0927 6108  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:27:25.0099 6108  1394ohci - ok
17:27:25.0145 6108  [ E0A8525A951ADDB4655BC2068566407D ] 61883           C:\Windows\system32\DRIVERS\61883.sys
17:27:25.0255 6108  61883 - ok
17:27:25.0301 6108  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:27:25.0333 6108  ACPI - ok
17:27:25.0348 6108  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:27:25.0442 6108  AcpiPmi - ok
17:27:25.0582 6108  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:27:25.0598 6108  AdobeFlashPlayerUpdateSvc - ok
17:27:25.0676 6108  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:27:25.0754 6108  adp94xx - ok
17:27:25.0785 6108  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:27:25.0801 6108  adpahci - ok
17:27:25.0847 6108  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:27:25.0863 6108  adpu320 - ok
17:27:25.0894 6108  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:27:26.0035 6108  AeLookupSvc - ok
17:27:26.0097 6108  [ FB2BE0BAE9B3F248080CDBF91EF16C7F ] AFBAgent        C:\Windows\system32\FBAgent.exe
17:27:26.0159 6108  AFBAgent - ok
17:27:26.0206 6108  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:27:26.0315 6108  AFD - ok
17:27:26.0347 6108  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:27:26.0378 6108  agp440 - ok
17:27:26.0425 6108  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:27:26.0487 6108  ALG - ok
17:27:26.0534 6108  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:27:26.0549 6108  aliide - ok
17:27:26.0581 6108  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:27:26.0612 6108  amdide - ok
17:27:26.0643 6108  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:27:26.0705 6108  AmdK8 - ok
17:27:26.0721 6108  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:27:26.0752 6108  AmdPPM - ok
17:27:26.0799 6108  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:27:26.0846 6108  amdsata - ok
17:27:26.0877 6108  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:27:26.0908 6108  amdsbs - ok
17:27:26.0939 6108  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:27:26.0955 6108  amdxata - ok
17:27:27.0002 6108  [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
17:27:27.0080 6108  AmUStor - ok
17:27:27.0127 6108  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:27:27.0345 6108  AppID - ok
17:27:27.0392 6108  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:27:27.0485 6108  AppIDSvc - ok
17:27:27.0563 6108  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:27:27.0626 6108  Appinfo - ok
17:27:27.0673 6108  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:27:27.0688 6108  arc - ok
17:27:27.0704 6108  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:27:27.0719 6108  arcsas - ok
17:27:27.0797 6108  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
17:27:27.0829 6108  ASLDRService - ok
17:27:27.0829 6108  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
17:27:27.0860 6108  ASMMAP64 - ok
17:27:27.0875 6108  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:27:27.0953 6108  AsyncMac - ok
17:27:27.0985 6108  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:27:28.0016 6108  atapi - ok
17:27:28.0078 6108  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:27:28.0187 6108  athr - ok
17:27:28.0203 6108  [ 63F1212FFE13E62CA1E8D8EE19ABD9A7 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
17:27:28.0219 6108  ATKGFNEXSrv - ok
17:27:28.0281 6108  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:27:28.0390 6108  AudioEndpointBuilder - ok
17:27:28.0421 6108  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:27:28.0468 6108  AudioSrv - ok
17:27:28.0515 6108  [ 16FABE84916623D0607E4A975544032C ] Avc             C:\Windows\system32\DRIVERS\avc.sys
17:27:28.0562 6108  Avc - ok
17:27:28.0655 6108  [ DCF1EA7F25BDE93EFD9D93B2ADFCB836 ] Avolites CITP Active Fixture C:\Program Files (x86)\Avolites\CITP Active Fixture\Active Fixture Service.exe
17:27:28.0687 6108  Avolites CITP Active Fixture ( UnsignedFile.Multi.Generic ) - warning
17:27:28.0687 6108  Avolites CITP Active Fixture - detected UnsignedFile.Multi.Generic (1)
17:27:28.0765 6108  [ 8A21DB6FE1050DC5E2E83C2DA0C55A64 ] Avolites Expert Usb C:\Program Files (x86)\Avolites\UsbExpert\UsbExpertService.exe
17:27:28.0796 6108  Avolites Expert Usb ( UnsignedFile.Multi.Generic ) - warning
17:27:28.0796 6108  Avolites Expert Usb - detected UnsignedFile.Multi.Generic (1)
17:27:28.0858 6108  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:27:28.0967 6108  AxInstSV - ok
17:27:29.0014 6108  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:27:29.0077 6108  b06bdrv - ok
17:27:29.0108 6108  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:27:29.0155 6108  b57nd60a - ok
17:27:29.0201 6108  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:27:29.0279 6108  BDESVC - ok
17:27:29.0311 6108  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:27:29.0373 6108  Beep - ok
17:27:29.0451 6108  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:27:29.0560 6108  BFE - ok
17:27:29.0763 6108  [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20130111.001\BHDrvx64.sys
17:27:29.0841 6108  BHDrvx64 - ok
17:27:29.0872 6108  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:27:29.0981 6108  BITS - ok
17:27:30.0013 6108  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:27:30.0059 6108  blbdrive - ok
17:27:30.0122 6108  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:27:30.0184 6108  bowser - ok
17:27:30.0231 6108  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:27:30.0293 6108  BrFiltLo - ok
17:27:30.0309 6108  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:27:30.0340 6108  BrFiltUp - ok
17:27:30.0371 6108  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:27:30.0418 6108  Browser - ok
17:27:30.0543 6108  [ 639838B4BD0ED95F308650B910E3EC82 ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
17:27:30.0668 6108  BrowserProtect - ok
17:27:30.0746 6108  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:27:30.0839 6108  Brserid - ok
17:27:30.0855 6108  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:27:30.0886 6108  BrSerWdm - ok
17:27:30.0902 6108  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:27:30.0964 6108  BrUsbMdm - ok
17:27:30.0980 6108  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:27:31.0011 6108  BrUsbSer - ok
17:27:31.0058 6108  [ FF7C57973EEAD140062238C5A0B7D455 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
17:27:31.0136 6108  BTCFilterService - ok
17:27:31.0151 6108  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:27:31.0198 6108  BTHMODEM - ok
17:27:31.0261 6108  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:27:31.0323 6108  bthserv - ok
17:27:31.0417 6108  [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
17:27:31.0448 6108  ccSet_NIS - ok
17:27:31.0479 6108  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:27:31.0557 6108  cdfs - ok
17:27:31.0619 6108  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:27:31.0666 6108  cdrom - ok
17:27:31.0713 6108  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:27:31.0822 6108  CertPropSvc - ok
17:27:31.0853 6108  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:27:31.0885 6108  circlass - ok
17:27:31.0931 6108  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:27:31.0947 6108  CLFS - ok
17:27:32.0025 6108  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:27:32.0041 6108  clr_optimization_v2.0.50727_32 - ok
17:27:32.0103 6108  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:27:32.0119 6108  clr_optimization_v2.0.50727_64 - ok
17:27:32.0197 6108  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:27:32.0228 6108  clr_optimization_v4.0.30319_32 - ok
17:27:32.0290 6108  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:27:32.0306 6108  clr_optimization_v4.0.30319_64 - ok
17:27:32.0337 6108  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:27:32.0384 6108  CmBatt - ok
17:27:32.0415 6108  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:27:32.0431 6108  cmdide - ok
17:27:32.0477 6108  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:27:32.0540 6108  CNG - ok
17:27:32.0571 6108  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:27:32.0587 6108  Compbatt - ok
17:27:32.0618 6108  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:27:32.0680 6108  CompositeBus - ok
17:27:32.0696 6108  COMSysApp - ok
17:27:32.0727 6108  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:27:32.0743 6108  crcdisk - ok
17:27:32.0789 6108  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:27:32.0821 6108  CryptSvc - ok
17:27:32.0867 6108  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:27:32.0977 6108  DcomLaunch - ok
17:27:33.0008 6108  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:27:33.0055 6108  defragsvc - ok
17:27:33.0148 6108  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:27:33.0257 6108  DfsC - ok
17:27:33.0304 6108  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:27:33.0382 6108  Dhcp - ok
17:27:33.0413 6108  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:27:33.0476 6108  discache - ok
17:27:33.0523 6108  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:27:33.0538 6108  Disk - ok
17:27:33.0569 6108  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:27:33.0632 6108  Dnscache - ok
17:27:33.0679 6108  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:27:33.0741 6108  dot3svc - ok
17:27:33.0772 6108  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:27:33.0819 6108  DPS - ok
17:27:33.0850 6108  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:27:33.0881 6108  drmkaud - ok
17:27:33.0944 6108  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:27:34.0037 6108  DXGKrnl - ok
17:27:34.0069 6108  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:27:34.0115 6108  EapHost - ok
17:27:34.0225 6108  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:27:34.0365 6108  ebdrv - ok
17:27:34.0459 6108  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
17:27:34.0505 6108  eeCtrl - ok
17:27:34.0537 6108  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:27:34.0615 6108  EFS - ok
17:27:34.0708 6108  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:27:34.0817 6108  ehRecvr - ok
17:27:34.0864 6108  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:27:34.0942 6108  ehSched - ok
17:27:35.0020 6108  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:27:35.0067 6108  elxstor - ok
17:27:35.0161 6108  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:27:35.0192 6108  EraserUtilRebootDrv - ok
17:27:35.0223 6108  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:27:35.0270 6108  ErrDev - ok
17:27:35.0332 6108  [ 3C38648375B7F3988691F53A7AAE10A9 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
17:27:35.0379 6108  ETD - ok
17:27:35.0441 6108  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:27:35.0504 6108  EventSystem - ok
17:27:35.0519 6108  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:27:35.0566 6108  exfat - ok
17:27:35.0597 6108  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:27:35.0660 6108  fastfat - ok
17:27:35.0707 6108  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:27:35.0800 6108  Fax - ok
17:27:35.0831 6108  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:27:35.0878 6108  fdc - ok
17:27:35.0941 6108  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:27:35.0987 6108  fdPHost - ok
17:27:36.0019 6108  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:27:36.0081 6108  FDResPub - ok
17:27:36.0097 6108  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:27:36.0143 6108  FileInfo - ok
17:27:36.0175 6108  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:27:36.0221 6108  Filetrace - ok
17:27:36.0237 6108  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:27:36.0268 6108  flpydisk - ok
17:27:36.0315 6108  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:27:36.0346 6108  FltMgr - ok
17:27:36.0409 6108  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
17:27:36.0502 6108  FontCache - ok
17:27:36.0549 6108  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:27:36.0580 6108  FontCache3.0.0.0 - ok
17:27:36.0596 6108  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:27:36.0611 6108  FsDepends - ok
17:27:36.0658 6108  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
17:27:36.0689 6108  fssfltr - ok
17:27:36.0752 6108  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:27:36.0845 6108  fsssvc - ok
17:27:36.0877 6108  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:27:36.0892 6108  Fs_Rec - ok
17:27:36.0939 6108  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:27:36.0970 6108  fvevol - ok
17:27:37.0001 6108  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:27:37.0033 6108  gagp30kx - ok
17:27:37.0079 6108  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:27:37.0173 6108  gpsvc - ok
17:27:37.0251 6108  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:27:37.0267 6108  gusvc - ok
17:27:37.0298 6108  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:27:37.0376 6108  hcw85cir - ok
17:27:37.0423 6108  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:27:37.0469 6108  HdAudAddService - ok
17:27:37.0516 6108  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:27:37.0547 6108  HDAudBus - ok
17:27:37.0594 6108  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
17:27:37.0610 6108  HECIx64 - ok
17:27:37.0625 6108  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:27:37.0657 6108  HidBatt - ok
17:27:37.0672 6108  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:27:37.0719 6108  HidBth - ok
17:27:37.0735 6108  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:27:37.0766 6108  HidIr - ok
17:27:37.0781 6108  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:27:37.0844 6108  hidserv - ok
17:27:37.0906 6108  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:27:37.0937 6108  HidUsb - ok
17:27:38.0000 6108  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:27:38.0078 6108  hkmsvc - ok
17:27:38.0125 6108  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:27:38.0187 6108  HomeGroupListener - ok
17:27:38.0234 6108  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:27:38.0281 6108  HomeGroupProvider - ok
17:27:38.0312 6108  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:27:38.0327 6108  HpSAMD - ok
17:27:38.0374 6108  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:27:38.0437 6108  HTTP - ok
17:27:38.0499 6108  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:27:38.0515 6108  hwpolicy - ok
17:27:38.0546 6108  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:27:38.0561 6108  i8042prt - ok
17:27:38.0608 6108  [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:27:38.0624 6108  iaStor - ok
17:27:38.0639 6108  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:27:38.0671 6108  iaStorV - ok
17:27:38.0749 6108  [ 86B750CC384F3A8B8C1D12F3188307AE ] ICQ Service     C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
17:27:38.0764 6108  ICQ Service - ok
17:27:38.0827 6108  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:27:38.0889 6108  idsvc - ok
17:27:38.0998 6108  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20130118.001\IDSvia64.sys
17:27:39.0045 6108  IDSVia64 - ok
17:27:39.0263 6108  [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:27:39.0607 6108  igfx - ok
17:27:39.0638 6108  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:27:39.0653 6108  iirsp - ok
17:27:39.0700 6108  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:27:39.0794 6108  IKEEXT - ok
17:27:39.0825 6108  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
17:27:39.0872 6108  Impcd - ok
17:27:39.0965 6108  [ 53019327813FF5AB2964B33B2C61307C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:27:40.0043 6108  IntcAzAudAddService - ok
17:27:40.0090 6108  [ 408B401CD7CDB075C7470B0FF7BA8D0B ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
17:27:40.0137 6108  IntcDAud - ok
17:27:40.0215 6108  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:27:40.0246 6108  intelide - ok
17:27:40.0277 6108  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:27:40.0324 6108  intelppm - ok
17:27:40.0371 6108  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:27:40.0433 6108  IPBusEnum - ok
17:27:40.0465 6108  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:27:40.0543 6108  IpFilterDriver - ok
17:27:40.0589 6108  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:27:40.0667 6108  iphlpsvc - ok
17:27:40.0683 6108  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:27:40.0730 6108  IPMIDRV - ok
17:27:40.0761 6108  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:27:40.0839 6108  IPNAT - ok
17:27:40.0870 6108  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:27:40.0964 6108  IRENUM - ok
17:27:40.0995 6108  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:27:41.0011 6108  isapnp - ok
17:27:41.0057 6108  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:27:41.0073 6108  iScsiPrt - ok
17:27:41.0089 6108  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:27:41.0104 6108  kbdclass - ok
17:27:41.0135 6108  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:27:41.0167 6108  kbdhid - ok
17:27:41.0213 6108  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
17:27:41.0245 6108  kbfiltr - ok
17:27:41.0276 6108  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:27:41.0291 6108  KeyIso - ok
17:27:41.0338 6108  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:27:41.0385 6108  KSecDD - ok
17:27:41.0416 6108  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:27:41.0447 6108  KSecPkg - ok
17:27:41.0494 6108  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:27:41.0541 6108  ksthunk - ok
17:27:41.0588 6108  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:27:41.0666 6108  KtmRm - ok
17:27:41.0697 6108  [ B4A3A05B0F9C81D098B96AB6AA915042 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
17:27:41.0744 6108  L1C - ok
17:27:41.0791 6108  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:27:41.0853 6108  LanmanServer - ok
17:27:41.0869 6108  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:27:41.0931 6108  LanmanWorkstation - ok
17:27:41.0978 6108  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:27:42.0056 6108  lltdio - ok
17:27:42.0087 6108  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:27:42.0181 6108  lltdsvc - ok
17:27:42.0196 6108  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:27:42.0259 6108  lmhosts - ok
17:27:42.0321 6108  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:27:42.0352 6108  LMS ( UnsignedFile.Multi.Generic ) - warning
17:27:42.0352 6108  LMS - detected UnsignedFile.Multi.Generic (1)
17:27:42.0399 6108  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:27:42.0430 6108  LSI_FC - ok
17:27:42.0461 6108  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:27:42.0477 6108  LSI_SAS - ok
17:27:42.0477 6108  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:27:42.0493 6108  LSI_SAS2 - ok
17:27:42.0508 6108  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:27:42.0524 6108  LSI_SCSI - ok
17:27:42.0539 6108  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:27:42.0602 6108  luafv - ok
17:27:42.0633 6108  [ 085435AE1A124361304044029B5CC644 ] lullaby         C:\Windows\system32\DRIVERS\lullaby.sys
17:27:42.0664 6108  lullaby - ok
17:27:42.0711 6108  [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus       C:\Windows\system32\DRIVERS\MarvinBus64.sys
17:27:42.0758 6108  MarvinBus - ok
17:27:42.0820 6108  [ 066991E50A5CBBEEFB2EC6880069CDB5 ] MAUSBFASTTRACKPRO C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys
17:27:42.0836 6108  MAUSBFASTTRACKPRO - ok
17:27:42.0945 6108  [ C58F15CD4EF79210455512CF0C449F39 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe
17:27:42.0976 6108  McComponentHostService - ok
17:27:43.0007 6108  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:27:43.0039 6108  Mcx2Svc - ok
17:27:43.0070 6108  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:27:43.0085 6108  megasas - ok
17:27:43.0101 6108  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:27:43.0117 6108  MegaSR - ok
17:27:43.0226 6108  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:27:43.0273 6108  Microsoft Office Groove Audit Service - ok
17:27:43.0304 6108  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:27:43.0397 6108  MMCSS - ok
17:27:43.0413 6108  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:27:43.0475 6108  Modem - ok
17:27:43.0507 6108  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:27:43.0522 6108  monitor - ok
17:27:43.0569 6108  [ C94A2EA3FDFA5D650884926B710B7DB1 ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
17:27:43.0631 6108  motccgp - ok
17:27:43.0647 6108  [ D51E009BAEDA07EBC107D49D224C2414 ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
17:27:43.0709 6108  motccgpfl - ok
17:27:43.0725 6108  MotDev - ok
17:27:43.0756 6108  [ 060F0EF84F430802DF3788F3DCFD009C ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
17:27:43.0834 6108  motmodem - ok
17:27:43.0912 6108  [ 9DFD34E6841C460B5D992A1C5327AE69 ] MotoHelper      C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
17:27:43.0928 6108  MotoHelper - ok
17:27:43.0943 6108  [ EBD05F60CAFC5BBA2602B8D7101082D3 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
17:27:43.0959 6108  MotoSwitchService - ok
17:27:43.0990 6108  [ 87701078C3F720AC7A028E937994CC49 ] Motousbnet      C:\Windows\system32\DRIVERS\Motousbnet.sys
17:27:44.0037 6108  Motousbnet - ok
17:27:44.0068 6108  [ D075B1D964A314D240F5498773EE89DF ] motusbdevice    C:\Windows\system32\DRIVERS\motusbdevice.sys
17:27:44.0177 6108  motusbdevice - ok
17:27:44.0209 6108  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:27:44.0224 6108  mouclass - ok
17:27:44.0255 6108  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:27:44.0287 6108  mouhid - ok
17:27:44.0333 6108  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:27:44.0349 6108  mountmgr - ok
17:27:44.0443 6108  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:27:44.0489 6108  MozillaMaintenance - ok
17:27:44.0505 6108  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:27:44.0521 6108  mpio - ok
17:27:44.0552 6108  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:27:44.0599 6108  mpsdrv - ok
17:27:44.0645 6108  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:27:44.0739 6108  MpsSvc - ok
17:27:44.0770 6108  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:27:44.0801 6108  MRxDAV - ok
17:27:44.0833 6108  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:27:44.0895 6108  mrxsmb - ok
17:27:44.0926 6108  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:27:44.0957 6108  mrxsmb10 - ok
17:27:44.0973 6108  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:27:45.0035 6108  mrxsmb20 - ok
17:27:45.0051 6108  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:27:45.0067 6108  msahci - ok
17:27:45.0098 6108  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:27:45.0113 6108  msdsm - ok
17:27:45.0145 6108  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:27:45.0223 6108  MSDTC - ok
17:27:45.0269 6108  [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV            C:\Windows\system32\DRIVERS\msdv.sys
17:27:45.0316 6108  MSDV - ok
17:27:45.0347 6108  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:27:45.0425 6108  Msfs - ok
17:27:45.0457 6108  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:27:45.0550 6108  mshidkmdf - ok
17:27:45.0581 6108  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:27:45.0613 6108  msisadrv - ok
17:27:45.0659 6108  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:27:45.0722 6108  MSiSCSI - ok
17:27:45.0722 6108  msiserver - ok
17:27:45.0753 6108  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:27:45.0800 6108  MSKSSRV - ok
17:27:45.0831 6108  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:27:45.0878 6108  MSPCLOCK - ok
17:27:45.0893 6108  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:27:45.0956 6108  MSPQM - ok
17:27:45.0987 6108  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:27:46.0003 6108  MsRPC - ok
17:27:46.0049 6108  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:27:46.0049 6108  mssmbios - ok
17:27:46.0081 6108  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:27:46.0127 6108  MSTEE - ok
17:27:46.0159 6108  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:27:46.0205 6108  MTConfig - ok
17:27:46.0237 6108  [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
17:27:46.0252 6108  MTsensor - ok
17:27:46.0268 6108  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:27:46.0299 6108  Mup - ok
17:27:46.0330 6108  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:27:46.0393 6108  napagent - ok
17:27:46.0455 6108  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:27:46.0502 6108  NativeWifiP - ok
17:27:46.0627 6108  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20130120.018\ENG64.SYS
17:27:46.0642 6108  NAVENG - ok
17:27:46.0705 6108  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20130120.018\EX64.SYS
17:27:46.0798 6108  NAVEX15 - ok
17:27:46.0861 6108  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:27:46.0923 6108  NDIS - ok
17:27:46.0954 6108  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:27:47.0032 6108  NdisCap - ok
17:27:47.0063 6108  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:27:47.0110 6108  NdisTapi - ok
17:27:47.0173 6108  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:27:47.0235 6108  Ndisuio - ok
17:27:47.0282 6108  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:27:47.0360 6108  NdisWan - ok
17:27:47.0375 6108  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:27:47.0407 6108  NDProxy - ok
17:27:47.0438 6108  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:27:47.0516 6108  NetBIOS - ok
17:27:47.0547 6108  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:27:47.0625 6108  NetBT - ok
17:27:47.0641 6108  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:27:47.0641 6108  Netlogon - ok
17:27:47.0687 6108  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:27:47.0781 6108  Netman - ok
17:27:47.0812 6108  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:27:47.0875 6108  netprofm - ok
17:27:47.0906 6108  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:27:47.0921 6108  NetTcpPortSharing - ok
17:27:47.0953 6108  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:27:47.0968 6108  nfrd960 - ok
17:27:48.0062 6108  [ F2840DBFE9322F35557219AE82CC4597 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
17:27:48.0077 6108  NIS - ok
17:27:48.0140 6108  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:27:48.0187 6108  NlaSvc - ok
17:27:48.0202 6108  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:27:48.0265 6108  Npfs - ok
17:27:48.0311 6108  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:27:48.0389 6108  nsi - ok
17:27:48.0405 6108  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:27:48.0483 6108  nsiproxy - ok
17:27:48.0545 6108  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:27:48.0639 6108  Ntfs - ok
17:27:48.0655 6108  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:27:48.0701 6108  Null - ok
17:27:48.0733 6108  [ F5BC2345E8C89D4E90FAFD23A2239935 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
17:27:48.0764 6108  nusb3hub - ok
17:27:48.0795 6108  [ 5D42578241BC2A9B4A64837077436D5F ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:27:48.0826 6108  nusb3xhc - ok
17:27:49.0076 6108  [ 1001D089E679ADC6A208CEFBDD2BFF5A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:27:49.0435 6108  nvlddmkm - ok
17:27:49.0466 6108  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:27:49.0481 6108  nvraid - ok
17:27:49.0497 6108  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:27:49.0513 6108  nvstor - ok
17:27:49.0559 6108  [ DCAD177B32E7D976E449983DFCCADE67 ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:27:49.0591 6108  nvsvc - ok
17:27:49.0622 6108  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:27:49.0637 6108  nv_agp - ok
17:27:49.0715 6108  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:27:49.0747 6108  odserv - ok
17:27:49.0762 6108  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:27:49.0778 6108  ohci1394 - ok
17:27:49.0856 6108  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
17:27:49.0871 6108  OMSI download service ( UnsignedFile.Multi.Generic ) - warning
17:27:49.0871 6108  OMSI download service - detected UnsignedFile.Multi.Generic (1)
17:27:49.0934 6108  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:27:49.0965 6108  ose - ok
17:27:50.0199 6108  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:27:50.0386 6108  osppsvc - ok
17:27:50.0417 6108  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:27:50.0511 6108  p2pimsvc - ok
17:27:50.0558 6108  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:27:50.0605 6108  p2psvc - ok
17:27:50.0636 6108  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:27:50.0683 6108  Parport - ok
17:27:50.0714 6108  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:27:50.0745 6108  partmgr - ok
17:27:50.0776 6108  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:27:50.0839 6108  PcaSvc - ok
17:27:50.0870 6108  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:27:50.0885 6108  pci - ok
17:27:50.0901 6108  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:27:50.0917 6108  pciide - ok
17:27:50.0932 6108  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:27:50.0979 6108  pcmcia - ok
17:27:50.0995 6108  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:27:51.0010 6108  pcw - ok
17:27:51.0041 6108  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:27:51.0104 6108  PEAUTH - ok
17:27:51.0213 6108  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:27:51.0275 6108  PerfHost - ok
17:27:51.0322 6108  [ 0050E6BEC926C98AC6C16714FF1AD450 ] PinnacleMarvinAVS C:\Windows\system32\DRIVERS\MarvinAVS64.sys
17:27:51.0400 6108  PinnacleMarvinAVS - ok
17:27:51.0463 6108  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:27:51.0572 6108  pla - ok
17:27:51.0619 6108  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:27:51.0697 6108  PlugPlay - ok
17:27:51.0743 6108  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:27:51.0759 6108  PNRPAutoReg - ok
17:27:51.0775 6108  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:27:51.0806 6108  PNRPsvc - ok
17:27:51.0837 6108  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:27:51.0931 6108  PolicyAgent - ok
17:27:51.0962 6108  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:27:52.0024 6108  Power - ok
17:27:52.0071 6108  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:27:52.0149 6108  PptpMiniport - ok
17:27:52.0180 6108  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:27:52.0211 6108  Processor - ok
17:27:52.0258 6108  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:27:52.0321 6108  ProfSvc - ok
17:27:52.0336 6108  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:27:52.0352 6108  ProtectedStorage - ok
17:27:52.0399 6108  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:27:52.0477 6108  Psched - ok
17:27:52.0523 6108  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:27:52.0586 6108  ql2300 - ok
17:27:52.0601 6108  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:27:52.0617 6108  ql40xx - ok
17:27:52.0648 6108  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:27:52.0711 6108  QWAVE - ok
17:27:52.0726 6108  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:27:52.0757 6108  QWAVEdrv - ok
17:27:52.0773 6108  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:27:52.0867 6108  RasAcd - ok
17:27:52.0898 6108  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:27:52.0945 6108  RasAgileVpn - ok
17:27:52.0976 6108  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:27:53.0038 6108  RasAuto - ok
17:27:53.0085 6108  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:27:53.0132 6108  Rasl2tp - ok
17:27:53.0179 6108  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:27:53.0241 6108  RasMan - ok
17:27:53.0272 6108  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:27:53.0335 6108  RasPppoe - ok
17:27:53.0350 6108  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:27:53.0397 6108  RasSstp - ok
17:27:53.0444 6108  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:27:53.0506 6108  rdbss - ok
17:27:53.0537 6108  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:27:53.0569 6108  rdpbus - ok
17:27:53.0584 6108  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:27:53.0678 6108  RDPCDD - ok
17:27:53.0709 6108  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:27:53.0787 6108  RDPENCDD - ok
17:27:53.0803 6108  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:27:53.0849 6108  RDPREFMP - ok
17:27:53.0896 6108  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:27:53.0943 6108  RDPWD - ok
17:27:53.0990 6108  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:27:54.0005 6108  rdyboost - ok
17:27:54.0052 6108  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:27:54.0115 6108  RemoteAccess - ok
17:27:54.0161 6108  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:27:54.0239 6108  RemoteRegistry - ok
17:27:54.0333 6108  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:27:54.0380 6108  RichVideo ( UnsignedFile.Multi.Generic ) - warning
17:27:54.0380 6108  RichVideo - detected UnsignedFile.Multi.Generic (1)
17:27:54.0427 6108  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:27:54.0489 6108  RpcEptMapper - ok
17:27:54.0520 6108  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:27:54.0583 6108  RpcLocator - ok
17:27:54.0614 6108  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:27:54.0661 6108  RpcSs - ok
17:27:54.0692 6108  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:27:54.0739 6108  rspndr - ok
17:27:54.0770 6108  [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
17:27:54.0801 6108  s0016bus - ok
17:27:54.0817 6108  [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
17:27:54.0832 6108  s0016mdfl - ok
17:27:54.0848 6108  [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
17:27:54.0863 6108  s0016mdm - ok
17:27:54.0895 6108  [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
17:27:54.0910 6108  s0016mgmt - ok
17:27:54.0941 6108  [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
17:27:54.0957 6108  s0016nd5 - ok
17:27:55.0004 6108  [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
17:27:55.0019 6108  s0016obex - ok
17:27:55.0035 6108  [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
17:27:55.0051 6108  s0016unic - ok
17:27:55.0066 6108  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:27:55.0082 6108  SamSs - ok
17:27:55.0113 6108  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:27:55.0129 6108  sbp2port - ok
17:27:55.0238 6108  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:27:55.0300 6108  SBSDWSCService - ok
17:27:55.0331 6108  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:27:55.0378 6108  SCardSvr - ok
17:27:55.0409 6108  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:27:55.0472 6108  scfilter - ok
17:27:55.0534 6108  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:27:55.0643 6108  Schedule - ok
17:27:55.0675 6108  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:27:55.0706 6108  SCPolicySvc - ok
17:27:55.0721 6108  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:27:55.0799 6108  SDRSVC - ok
17:27:55.0924 6108  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Sven\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
17:27:55.0924 6108  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
17:27:55.0924 6108  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
17:27:55.0971 6108  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:27:56.0033 6108  secdrv - ok
17:27:56.0096 6108  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:27:56.0158 6108  seclogon - ok
17:27:56.0189 6108  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:27:56.0283 6108  SENS - ok
17:27:56.0314 6108  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:27:56.0377 6108  SensrSvc - ok
17:27:56.0392 6108  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:27:56.0423 6108  Serenum - ok
17:27:56.0439 6108  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:27:56.0455 6108  Serial - ok
17:27:56.0517 6108  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:27:56.0548 6108  sermouse - ok
17:27:56.0579 6108  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:27:56.0657 6108  SessionEnv - ok
17:27:56.0673 6108  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:27:56.0735 6108  sffdisk - ok
17:27:56.0735 6108  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:27:56.0767 6108  sffp_mmc - ok
17:27:56.0782 6108  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:27:56.0813 6108  sffp_sd - ok
17:27:56.0845 6108  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:27:56.0876 6108  sfloppy - ok
17:27:56.0907 6108  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:27:56.0985 6108  SharedAccess - ok
17:27:57.0016 6108  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:27:57.0079 6108  ShellHWDetection - ok
17:27:57.0110 6108  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
17:27:57.0141 6108  SiSGbeLH - ok
17:27:57.0172 6108  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:27:57.0219 6108  SiSRaid2 - ok
17:27:57.0235 6108  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:27:57.0250 6108  SiSRaid4 - ok
17:27:57.0266 6108  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:27:57.0328 6108  Smb - ok
17:27:57.0391 6108  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:27:57.0437 6108  SNMPTRAP - ok
17:27:57.0500 6108  [ 2114518E55B380A3ACC28B2C27FD499A ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
17:27:57.0609 6108  SNP2UVC - ok
17:27:57.0625 6108  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:27:57.0656 6108  spldr - ok
17:27:57.0687 6108  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:27:57.0781 6108  Spooler - ok
17:27:57.0874 6108  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:27:58.0061 6108  sppsvc - ok
17:27:58.0093 6108  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:27:58.0171 6108  sppuinotify - ok
17:27:58.0264 6108  [ 891793E00432FA055CF040605C260E49 ] SRTSP           C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
17:27:58.0311 6108  SRTSP - ok
17:27:58.0327 6108  [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX          C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
17:27:58.0342 6108  SRTSPX - ok
17:27:58.0373 6108  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:27:58.0483 6108  srv - ok
17:27:58.0498 6108  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:27:58.0561 6108  srv2 - ok
17:27:58.0592 6108  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:27:58.0623 6108  srvnet - ok
17:27:58.0685 6108  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:27:58.0763 6108  SSDPSRV - ok
17:27:58.0779 6108  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:27:58.0857 6108  SstpSvc - ok
17:27:58.0888 6108  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:27:58.0919 6108  stexstor - ok
17:27:58.0982 6108  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:27:59.0044 6108  stisvc - ok
17:27:59.0060 6108  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:27:59.0075 6108  swenum - ok
17:27:59.0122 6108  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:27:59.0231 6108  swprv - ok
17:27:59.0278 6108  [ 8B2430762099598DA40686F754632EFD ] SymDS           C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
17:27:59.0325 6108  SymDS - ok
17:27:59.0387 6108  [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA          C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
17:27:59.0450 6108  SymEFA - ok
17:27:59.0481 6108  [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:27:59.0497 6108  SymEvent - ok
17:27:59.0512 6108  [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON         C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
17:27:59.0528 6108  SymIRON - ok
17:27:59.0575 6108  [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS         C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
17:27:59.0621 6108  SymNetS - ok
17:27:59.0668 6108  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:27:59.0777 6108  SysMain - ok
17:27:59.0793 6108  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:27:59.0824 6108  TabletInputService - ok
17:27:59.0855 6108  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:27:59.0918 6108  TapiSrv - ok
17:27:59.0949 6108  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:28:00.0027 6108  TBS - ok
17:28:00.0136 6108  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:28:00.0230 6108  Tcpip - ok
17:28:00.0292 6108  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:28:00.0355 6108  TCPIP6 - ok
17:28:00.0370 6108  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:28:00.0401 6108  tcpipreg - ok
17:28:00.0448 6108  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:28:00.0495 6108  TDPIPE - ok
17:28:00.0511 6108  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:28:00.0542 6108  TDTCP - ok
17:28:00.0573 6108  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:28:00.0651 6108  tdx - ok
17:28:00.0776 6108  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
17:28:00.0901 6108  TeamViewer7 - ok
17:28:00.0947 6108  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:28:00.0979 6108  TermDD - ok
17:28:01.0041 6108  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:28:01.0119 6108  TermService - ok
17:28:01.0166 6108  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:28:01.0197 6108  Themes - ok
17:28:01.0228 6108  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:28:01.0275 6108  THREADORDER - ok
17:28:01.0353 6108  [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
17:28:01.0369 6108  TomTomHOMEService - ok
17:28:01.0415 6108  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:28:01.0493 6108  TrkWks - ok
17:28:01.0556 6108  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:28:01.0618 6108  TrustedInstaller - ok
17:28:01.0649 6108  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:28:01.0696 6108  tssecsrv - ok
17:28:01.0743 6108  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:28:01.0790 6108  TsUsbFlt - ok
17:28:01.0852 6108  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:28:01.0930 6108  tunnel - ok
17:28:01.0977 6108  [ C45A3E051C65106A28982CAED125F855 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
17:28:02.0008 6108  TurboB - ok
17:28:02.0039 6108  [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
17:28:02.0086 6108  TurboBoost - ok
17:28:02.0102 6108  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:28:02.0117 6108  uagp35 - ok
17:28:02.0149 6108  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:28:02.0242 6108  udfs - ok
17:28:02.0258 6108  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:28:02.0305 6108  UI0Detect - ok
17:28:02.0336 6108  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:28:02.0367 6108  uliagpkx - ok
17:28:02.0383 6108  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
17:28:02.0398 6108  umbus - ok
17:28:02.0445 6108  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:28:02.0461 6108  UmPass - ok
17:28:02.0570 6108  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:28:02.0663 6108  UNS ( UnsignedFile.Multi.Generic ) - warning
17:28:02.0663 6108  UNS - detected UnsignedFile.Multi.Generic (1)
17:28:02.0695 6108  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:28:02.0757 6108  upnphost - ok
17:28:02.0804 6108  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:28:02.0835 6108  usbaudio - ok
17:28:02.0851 6108  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:28:02.0897 6108  usbccgp - ok
17:28:02.0913 6108  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:28:02.0944 6108  usbcir - ok
17:28:02.0975 6108  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:28:03.0007 6108  usbehci - ok
17:28:03.0022 6108  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:28:03.0085 6108  usbhub - ok
17:28:03.0116 6108  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:28:03.0147 6108  usbohci - ok
17:28:03.0194 6108  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:28:03.0225 6108  usbprint - ok
17:28:03.0287 6108  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
17:28:03.0334 6108  usbser - ok
17:28:03.0365 6108  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:28:03.0428 6108  USBSTOR - ok
17:28:03.0459 6108  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:28:03.0490 6108  usbuhci - ok
17:28:03.0521 6108  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:28:03.0568 6108  usbvideo - ok
17:28:03.0615 6108  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:28:03.0693 6108  UxSms - ok
17:28:03.0724 6108  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:28:03.0740 6108  VaultSvc - ok
17:28:03.0818 6108  [ C30F3D43CEB6F79ADE9B805387E5F63C ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
17:28:03.0865 6108  VBoxDrv - ok
17:28:03.0911 6108  [ 8ACF22B86CE4E85C23E3E9513BF45C37 ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
17:28:03.0958 6108  VBoxNetAdp - ok
17:28:03.0989 6108  [ 7B657669C53A0E6583F07EBAA303D9EA ] VBoxNetFlt      C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
17:28:04.0005 6108  VBoxNetFlt - ok
17:28:04.0052 6108  [ CF3EE68CD9723E9F21E3198A0F690400 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
17:28:04.0067 6108  VBoxUSBMon - ok
17:28:04.0083 6108  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:28:04.0099 6108  vdrvroot - ok
17:28:04.0145 6108  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:28:04.0208 6108  vds - ok
17:28:04.0239 6108  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:28:04.0270 6108  vga - ok
17:28:04.0286 6108  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:28:04.0333 6108  VgaSave - ok
17:28:04.0379 6108  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:28:04.0395 6108  vhdmp - ok
17:28:04.0426 6108  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:28:04.0442 6108  viaide - ok
17:28:04.0457 6108  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:28:04.0473 6108  volmgr - ok
17:28:04.0520 6108  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:28:04.0567 6108  volmgrx - ok
17:28:04.0582 6108  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:28:04.0598 6108  volsnap - ok
17:28:04.0645 6108  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:28:04.0660 6108  vsmraid - ok
17:28:04.0707 6108  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:28:04.0816 6108  VSS - ok
17:28:04.0832 6108  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:28:04.0863 6108  vwifibus - ok
17:28:04.0894 6108  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:28:04.0941 6108  vwififlt - ok
17:28:04.0988 6108  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:28:05.0066 6108  W32Time - ok
17:28:05.0081 6108  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:28:05.0113 6108  WacomPen - ok
17:28:05.0175 6108  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:28:05.0253 6108  WANARP - ok
17:28:05.0269 6108  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:28:05.0300 6108  Wanarpv6 - ok
17:28:05.0362 6108  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:28:05.0456 6108  WatAdminSvc - ok
17:28:05.0534 6108  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:28:05.0643 6108  wbengine - ok
17:28:05.0690 6108  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:28:05.0721 6108  WbioSrvc - ok
17:28:05.0783 6108  [ 3A2D452C40162823B79867040B46D4A8 ] WCMVCAM         C:\Windows\system32\DRIVERS\wcmvcam64.sys
17:28:05.0861 6108  WCMVCAM - ok
17:28:05.0893 6108  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:28:05.0939 6108  wcncsvc - ok
17:28:05.0986 6108  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:28:06.0049 6108  WcsPlugInService - ok
17:28:06.0080 6108  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:28:06.0095 6108  Wd - ok
17:28:06.0142 6108  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:28:06.0205 6108  Wdf01000 - ok
17:28:06.0236 6108  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:28:06.0361 6108  WdiServiceHost - ok
17:28:06.0361 6108  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:28:06.0392 6108  WdiSystemHost - ok
17:28:06.0423 6108  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:28:06.0470 6108  WebClient - ok
17:28:06.0517 6108  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:28:06.0610 6108  Wecsvc - ok
17:28:06.0626 6108  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:28:06.0657 6108  wercplsupport - ok
17:28:06.0688 6108  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:28:06.0751 6108  WerSvc - ok
17:28:06.0782 6108  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:28:06.0813 6108  WfpLwf - ok
17:28:06.0860 6108  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
17:28:06.0907 6108  WimFltr - ok
17:28:06.0953 6108  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:28:06.0969 6108  WIMMount - ok
17:28:06.0985 6108  WinDefend - ok
17:28:07.0047 6108  [ 7922583C802203A54CDD47D9ECF028F2 ] WinDriver6      C:\Windows\system32\drivers\windrvr6.sys
17:28:07.0109 6108  WinDriver6 - ok
17:28:07.0109 6108  WinHttpAutoProxySvc - ok
17:28:07.0172 6108  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:28:07.0250 6108  Winmgmt - ok
17:28:07.0312 6108  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:28:07.0437 6108  WinRM - ok
17:28:07.0499 6108  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:28:07.0546 6108  WinUsb - ok
17:28:07.0593 6108  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:28:07.0655 6108  Wlansvc - ok
17:28:07.0718 6108  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:28:07.0749 6108  wlcrasvc - ok
17:28:07.0921 6108  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:28:08.0014 6108  wlidsvc - ok
17:28:08.0045 6108  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:28:08.0077 6108  WmiAcpi - ok
17:28:08.0092 6108  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:28:08.0123 6108  wmiApSrv - ok
17:28:08.0170 6108  WMPNetworkSvc - ok
17:28:08.0201 6108  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:28:08.0248 6108  WPCSvc - ok
17:28:08.0295 6108  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:28:08.0311 6108  WPDBusEnum - ok
17:28:08.0342 6108  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:28:08.0404 6108  ws2ifsl - ok
17:28:08.0451 6108  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:28:08.0467 6108  wscsvc - ok
17:28:08.0467 6108  WSearch - ok
17:28:08.0560 6108  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:28:08.0638 6108  wuauserv - ok
17:28:08.0685 6108  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:28:08.0763 6108  WudfPf - ok
17:28:08.0825 6108  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:28:08.0857 6108  WUDFRd - ok
17:28:08.0888 6108  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:28:08.0935 6108  wudfsvc - ok
17:28:08.0966 6108  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:28:09.0059 6108  WwanSvc - ok
17:28:09.0106 6108  ================ Scan global ===============================
17:28:09.0122 6108  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:28:09.0153 6108  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
17:28:09.0169 6108  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
17:28:09.0200 6108  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:28:09.0247 6108  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:28:09.0247 6108  [Global] - ok
17:28:09.0247 6108  ================ Scan MBR ==================================
17:28:09.0262 6108  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:28:09.0886 6108  \Device\Harddisk0\DR0 - ok
17:28:09.0902 6108  [ 0FC081AAD7FE523990913EF7D5C14A3D ] \Device\Harddisk1\DR1
17:28:10.0339 6108  \Device\Harddisk1\DR1 - ok
17:28:10.0339 6108  ================ Scan VBR ==================================
17:28:10.0370 6108  [ 8CCBBE2EC21670DA70ECFEF916C97D59 ] \Device\Harddisk0\DR0\Partition1
17:28:10.0385 6108  \Device\Harddisk0\DR0\Partition1 - ok
17:28:10.0385 6108  [ 350DAEB7DEF8ECB3028AA54CBD90842D ] \Device\Harddisk0\DR0\Partition2
17:28:10.0401 6108  \Device\Harddisk0\DR0\Partition2 - ok
17:28:10.0401 6108  [ 7F2E0A76DE9DE7B1748303A3C5077E6D ] \Device\Harddisk1\DR1\Partition1
17:28:10.0401 6108  \Device\Harddisk1\DR1\Partition1 - ok
17:28:10.0401 6108  ============================================================
17:28:10.0401 6108  Scan finished
17:28:10.0401 6108  ============================================================
17:28:10.0417 6376  Detected object count: 7
17:28:10.0417 6376  Actual detected object count: 7
         

Alt 21.01.2013, 17:37   #8
markusg
/// Malware-holic
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



hi sieht unvollständig aus, hänge das log mal als txt an
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.01.2013, 17:39   #9
Bim
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



Okay, komisch.

Alt 21.01.2013, 17:40   #10
markusg
/// Malware-holic
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



ok bitte anhängen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.01.2013, 17:55   #11
Bim
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



Das ist Grade schief gelaufen, zu groß.

Hab das ganze nun als .zip gemacht.
Angehängte Dateien
Dateityp: zip TDSSKiller.2.8.15.0_21.01.2013_17.25.56_log.zip (28,2 KB, 48x aufgerufen)

Alt 21.01.2013, 18:01   #12
markusg
/// Malware-holic
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



passt.
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.01.2013, 18:52   #13
Bim
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



Gemacht, Combofix hat selbst überings kein Neustart gemacht.. Habe den Laptop soeben selber neu gestartet.

Log:

Code:
ATTFilter
ComboFix 13-01-21.01 - Sven 21.01.2013  18:27:39.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3886.2061 [GMT 1:00]
ausgeführt von:: c:\users\Sven\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\FullRemove.exe
c:\programdata\hpe40BB.dll
c:\users\Sven\AppData\Roaming\.#
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-21 bis 2013-01-21  ))))))))))))))))))))))))))))))
.
.
2013-01-21 17:34 . 2013-01-21 17:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-20 14:34 . 2013-01-20 14:34	--------	d-----w-	c:\programdata\BrowserProtect
2013-01-20 14:34 . 2013-01-20 14:34	--------	d-----w-	c:\program files (x86)\BabylonToolbar
2013-01-20 14:22 . 2013-01-20 14:30	--------	d-----w-	c:\program files (x86)\ICQ7.5
2013-01-10 14:41 . 2013-01-13 20:54	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-01-09 20:59 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 20:59 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-09 20:57 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-09 20:56 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-09 20:56 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-01 15:04 . 2013-01-01 15:04	--------	d-----w-	c:\programdata\Babylon
2013-01-01 15:04 . 2013-01-01 15:04	--------	d-----w-	c:\users\Sven\AppData\Roaming\Babylon
2013-01-01 15:04 . 2011-03-25 21:42	338432	----a-w-	c:\windows\SysWow64\sqlite36_engine.dll
2013-01-01 15:04 . 2011-05-13 13:16	493056	----a-w-	c:\windows\SysWow64\dhRichClient3.dll
2013-01-01 15:04 . 2013-01-01 15:04	--------	d-----w-	c:\users\Sven\AppData\Roaming\DesktopIconForAmazon
2013-01-01 15:04 . 2013-01-01 15:04	--------	d-----w-	c:\users\Sven\AppData\Roaming\OCS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 13:39 . 2010-06-14 11:22	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-09 21:28 . 2012-04-03 15:18	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 21:28 . 2011-06-24 10:07	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-21 07:08	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 07:08	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 07:08	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 07:08	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 20:57	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 09:30	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 09:30	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 09:30	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 09:30	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 09:30	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 09:30	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 09:30	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 09:30	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 09:30	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 09:30	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 09:30	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 09:30	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 09:30	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 09:30	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 09:30	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 09:30	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 09:30	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 09:30	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 09:30	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 09:30	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 09:30	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 09:30	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 22:00	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 22:00	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29	1402312	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-11-02 05:59 . 2012-12-12 21:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 21:59	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2009-04-08 18:31 . 2009-04-08 18:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45	155648	----a-w-	c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
2012-10-26 18:15	92624	----a-w-	c:\program files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31	1514152	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Sven\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Sven\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Sven\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-11-13 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"*ForceDelete"="c:\users\Sven\Downloads\adwcleaner06.exe" [2013-01-20 574677]
.
c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sven\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-2-27 12862]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 Avolites CITP Active Fixture;Avolites CITP Active Fixture;c:\program files (x86)\Avolites\CITP Active Fixture\Active Fixture Service.exe [2011-07-27 52224]
R3 Avolites Expert Usb;Avolites Expert Usb;c:\program files (x86)\Avolites\UsbExpert\UsbExpertService.exe [2011-10-10 8704]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2010-12-07 187912]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS64.sys [2007-05-09 484736]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-11 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20130111.001\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20130118.001\IDSvia64.sys [2012-09-01 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-01-16 2550224]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\Sven\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-01-20 40960]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [2011-06-23 1071032]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-13 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-29 244736]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Sven\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Sven\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Sven\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-15 17398376]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
"Ocs_SM"="c:\users\Sven\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-01-20 106496]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=109718&tt=0313_7&babsrc=HP_ss&mntrId=ca3579f4000000000000485b390c31df
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 80.69.100.102 80.69.100.214
FF - ProfilePath - c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\
FF - ExtSQL: 2013-01-01 16:04; extension@preispilot.com; c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\extensions\extension@preispilot.com.xpi
FF - ExtSQL: 2013-01-01 16:04; firejump@firejump.net; c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\ifyysefm.default\extensions\firejump@firejump.net
FF - ExtSQL: 2013-01-20 16:34; {58bd07eb-0ee0-4df0-8121-dc9b693373df}; c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=ca3579f4000000000000485b390c31df&q=
FF - user.js: extensions.BabylonToolbar.id - ca3579f4000000000000485b390c31df
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15725
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.215:39
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109718&tt=0313_7
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-BirdieSync - c:\program files (x86)\BirdieSync\BirdieSync.exe
Wow6432Node-HKLM-Run-mumservice - c:\program files\Motorola\Software Update\mumservice.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-21  18:38:24
ComboFix-quarantined-files.txt  2013-01-21 17:38
.
Vor Suchlauf: 9 Verzeichnis(se), 19.664.158.720 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 19.854.356.480 Bytes frei
.
- - End Of File - - 6070B3E1B63CA385D1074B56EB3CB570
         

Alt 21.01.2013, 20:42   #14
markusg
/// Malware-holic
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



hi
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.01.2013, 22:31   #15
Bim
 
Babylon Search im Firefox und IE - Standard

Babylon Search im Firefox und IE



Es wurde nichts gefunden, dem entsprechend auch nichts entfernt.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx [Administrator]

Schutz: Aktiviert

21.01.2013 20:48:19
mbam-log-2013-01-21 (20-48-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 480791
Laufzeit: 1 Stunde(n), 40 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Antwort

Themen zu Babylon Search im Firefox und IE
anhang, appdata, dateien, deinstallation, ebenfalls, einfach, firefox, fix, heute, home, internet, natürlich, nichts, problem, programme, programme und funktionen, recht, scan, search, seite, startseite, suchfunktion, system, verschiedene, warum, win, win7, ändern



Ähnliche Themen: Babylon Search im Firefox und IE


  1. babylon search und delta search als startseite im browser
    Plagegeister aller Art und deren Bekämpfung - 07.06.2014 (9)
  2. Delta Search und Babylon search - Malware durch Freeware, Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 16.07.2013 (37)
  3. Babylon Search
    Plagegeister aller Art und deren Bekämpfung - 04.06.2013 (11)
  4. Delta Search Babylon
    Log-Analyse und Auswertung - 28.05.2013 (14)
  5. Babylon Search nach Download auf yourfiledownloader.com
    Log-Analyse und Auswertung - 22.04.2013 (7)
  6. Babylon search entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (2)
  7. Delta Search und Babylon Search entfernt - Ist nun alles weg?
    Log-Analyse und Auswertung - 16.03.2013 (18)
  8. Babylon search beim starten von Firefox. Keine lösung hier gefunden. Help :)
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (3)
  9. Babylon Search
    Log-Analyse und Auswertung - 28.11.2012 (12)
  10. Babylon Search entfernen
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (8)
  11. Babylon Search und Minecraft Backdoor
    Log-Analyse und Auswertung - 08.10.2012 (21)
  12. Babylon Search Tool
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (23)
  13. babylon search entfernen adwcleaner_logfile
    Plagegeister aller Art und deren Bekämpfung - 08.09.2012 (12)
  14. Babylon Search im Firefox
    Plagegeister aller Art und deren Bekämpfung - 05.09.2012 (44)
  15. Babylon Search bei Google Chrome
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (19)
  16. Babylon search in Firefox11
    Log-Analyse und Auswertung - 29.03.2012 (7)
  17. Malwareverdacht und Babylon Search
    Plagegeister aller Art und deren Bekämpfung - 01.09.2011 (30)

Zum Thema Babylon Search im Firefox und IE - Hallo, ich habe mir heute(?) offensichtlich irgend etwas recht merkwürdiges eingefangen. Die Suchfunktion Babylon Search. Ich hatte schon angefangen mit verschiedenen Hinweisen aus dem Internet und eigen Ideen. So habe - Babylon Search im Firefox und IE...
Archiv
Du betrachtest: Babylon Search im Firefox und IE auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.