
Pests of all kinds and how to fight them: BKA Trojan - internet no longer possible


21.07.2012, 20:38   #1
Ceragol



Hello everyone,
when I started the computer this morning I got this nice message telling me to pay 100€, as is already well known here, and my computer was completely locked.

First I unplugged the internet right away.
The computer itself works; no data seems to have been encrypted. Only the Task Manager cannot be opened; it closes again immediately. As soon as I plug the internet back in, the nice message comes back and everything is locked.

First I worked through the following guide: hxxp://www.chip.de/news/Bundespolizei-Virus-entfernen-PC-entsperren_50761972.html
but Kaspersky WindowsUnlocker produced no results at all; nothing changed.

After that I started reading here, and obviously you have already been able to help many people with the same or similar problems.
Since I have no burner available (mini laptop), I am currently moving everything back and forth with a USB stick. So unfortunately I cannot follow the most frequently given guide and have now tried it the way it was shown in another thread (http://www.trojaner-board.de/119091-...-trojaner.html).

Malwarebytes found nothing.

Attachments:
- Malwarebytes logfile
- OTL.txt
- Extras.txt

I urgently need to get back to work because a deadline is breathing down my neck; I hope there is someone here who can rescue me.
Attached files
File type: txt mbam-log-2012-07-21 (16-13-24).txt (2.2 KB, viewed 192 times)
File type: txt OTL.Txt (63.8 KB, viewed 219 times)
File type: txt Extras.Txt (82.7 KB, viewed 183 times)

21.07.2012, 23:51   #2
t'john
/// Helper Team





Fixing with OTL

Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) 
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) 
MOD - C:\Users\Ce\AppData\Local\Temp\rool0_pk.exe () 
SRV - (Vcp4frarbbum) -- File not found 
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{08AF6EED-308C-4045-9661-3FFDA5EE3084}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} 
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = http://search.kikin.com/search/?q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" 
FF - prefs.js..browser.search.defaulturl: "" 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.startup.homepage: "www.google.de" 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" 
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" 
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "" 
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/" 
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found 
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [KONICA MINOLTA magicolor2300WStatusDisplay] C:\Windows\System32\MSTMON_P.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) 
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Ce\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{b54c8628-3f46-11df-991c-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{b54c8628-3f46-11df-991c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2002.09.30 07:33:16 | 000,126,976 | R--- | M] (InstallShield Software Corporation) 
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] 
[2012.07.03 10:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot 
[2012.07.03 10:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar 
[2012.07.03 10:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater 
[2012.07.21 19:20:14 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.21 19:20:13 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.21 15:57:33 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad 
[2012.07.20 20:09:52 | 000,001,881 | ---- | M] () -- C:\Users\Ce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the logfile into your thread here, inside code tags.
    You can view the logfile afterwards here => C:\_OTL\MovedFiles\

Note for readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; that can cause lasting damage to other systems!

22.07.2012, 00:28   #3
Ceragol



Hello t'john, thanks a lot for now.
I carried out the whole thing.
During the fix, IE tried to open, which of course failed without a network connection; the reboot afterwards was automatic and took a very long time while booting up.

The Task Manager can be opened again. I haven't reconnected the internet yet; I'd rather wait for your OK before doing that ^^


Code:
All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
Process ApplicationUpdater.exe killed successfully!
Service Vcp4frarbbum stopped successfully!
Service Vcp4frarbbum deleted successfully!
File  File not found not found.
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{08AF6EED-308C-4045-9661-3FFDA5EE3084}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08AF6EED-308C-4045-9661-3FFDA5EE3084}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "chr-greentree_ff&type=827316&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 removed from extensions.enabledItems
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" removed from sweetim.toolbar.previous.keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KONICA MINOLTA magicolor2300WStatusDisplay deleted successfully.
C:\Windows\System32\MSTMON_P.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Ce\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b54c8628-3f46-11df-991c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b54c8628-3f46-11df-991c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b54c8628-3f46-11df-991c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b54c8628-3f46-11df-991c-806e6f6e6963}\ not found.
File move failed. D:\Setup.exe scheduled to be moved on reboot.
C:\Windows\System32\tmp247C.tmp deleted successfully.
C:\Windows\System32\tmp248D.tmp deleted successfully.
C:\Windows\System32\tmp5B3A.tmp deleted successfully.
C:\Windows\System32\tmp5B3B.tmp deleted successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\chrome\content folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\chrome folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE\6.0 folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
C:\Program Files\Application Updater folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\ProgramData\kp_0loor.pad moved successfully.
C:\Users\Ce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Ce\Desktop\cmd.bat deleted successfully.
C:\Users\Ce\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Ce
->Temp folder emptied: 42001966 bytes
->Temporary Internet Files folder emptied: 143615502 bytes
->Java cache emptied: 55037256 bytes
->FireFox cache emptied: 926068854 bytes
->Flash cache emptied: 75399249 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17705422 bytes
RecycleBin emptied: 11994858 bytes
 
Total Files Cleaned = 1.213,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Ce
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: postgres
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07212012_235817

Files\Folders moved on Reboot...
File move failed. D:\Setup.exe scheduled to be moved on reboot.
C:\Users\Ce\AppData\Local\Temp\rool0_pk.exe moved successfully.
File\Folder C:\Users\Ce\AppData\Local\Temp\~DF0DCE99F16CEC9BC1.TMP not found!
File\Folder C:\Users\Ce\AppData\Local\Temp\~DF61CD0B5CCD9D81CB.TMP not found!
C:\Users\Ce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2002.09.30 07:33:16 | 000,126,976 | R--- | M] (InstallShield Software Corporation) D:\Setup.exe : MD5=468D6E941908249C18D1C3479BE2DC6D
File C:\Users\Ce\AppData\Local\Temp\rool0_pk.exe not found!
File C:\Users\Ce\AppData\Local\Temp\~DF0DCE99F16CEC9BC1.TMP not found!
File C:\Users\Ce\AppData\Local\Temp\~DF61CD0B5CCD9D81CB.TMP not found!
File C:\Users\Ce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
[2012.07.22 00:04:06 | 008,405,015 | ---- | M] () C:\Windows\temp\hlktmp : Unable to obtain MD5

Registry entries deleted on Reboot...
         

22.07.2012, 00:46   #4
t'john
/// Helper Team



Very good!

How is the computer running?

Turn the internet back on!

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Enable "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or moved to quarantine.
- When the scan has finished, click "Show Results".
after that:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Best regards, t'john

22.07.2012, 12:03   #5
Ceragol



Morning,
the computer is running great; no problems noticed so far.
The Task Manager is wonderfully tidy; now I can identify (almost) all running processes for once.

Updated Malwarebytes and ran it, same with adwcleaner; here are the two logs:

Malwarebytes
Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ce :: CE-HOME [Administrator]

Schutz: Aktiviert

22.07.2012 10:17:20
mbam-log-2012-07-22 (10-17-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 499501
Laufzeit: 1 Stunde(n), 20 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles\07212012_235817\C_Users\Ce\AppData\Local\Temp\rool0_pk.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
adwcleaner
Code:
# AdwCleaner v1.703 - Logfile created 07/22/2012 at 11:52:08
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Ce - CE-HOME
# Running from : C:\Users\Ce\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Ce\AppData\LocalLow\Conduit
Folder Found : C:\Users\Ce\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Ce\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Ce\AppData\Roaming\kikin
Folder Found : C:\Users\Ce\AppData\Roaming\pdfforge
Folder Found : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\SweetIMToolbarData
Folder Found : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\extensions\staged
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Program Files\kikin
File Found : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\searchplugins\SweetIm.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
Key Found : HKLM\SOFTWARE\SweetIM
Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\prefs.js

Found : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2504091.CTID", "CT2504091");
Found : user_pref("CT2504091.CurrentServerDate", "4-2-2010");
Found : user_pref("CT2504091.DialogsAlignMode", "LTR");
Found : user_pref("CT2504091.EMailNotifierPollDate", "Thu Feb 04 2010 16:07:11 GMT+0100");
Found : user_pref("CT2504091.FeedLastCount129079840422964131", 0);
Found : user_pref("CT2504091.FeedPollDate128891351169457132", "Thu Feb 04 2010 16:07:09 GMT+0100");
Found : user_pref("CT2504091.FeedPollDate129079840422964131", "Thu Feb 04 2010 16:07:09 GMT+0100");
Found : user_pref("CT2504091.FeedTTL128891351169457132", 40);
Found : user_pref("CT2504091.FirstServerDate", "4-2-2010");
Found : user_pref("CT2504091.FirstTime", true);
Found : user_pref("CT2504091.FirstTimeFF3", true);
Found : user_pref("CT2504091.FixPageNotFoundErrors", true);
Found : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2504091.Initialize", true);
Found : user_pref("CT2504091.InitializeCommonPrefs", true);
Found : user_pref("CT2504091.InstalledDate", "Thu Feb 04 2010 16:07:09 GMT+0100");
Found : user_pref("CT2504091.IsGrouping", false);
Found : user_pref("CT2504091.IsMulticommunity", false);
Found : user_pref("CT2504091.IsOpenThankYouPage", false);
Found : user_pref("CT2504091.IsOpenUninstallPage", false);
Found : user_pref("CT2504091.LanguagePackLastCheckTime", "Thu Feb 04 2010 16:07:11 GMT+0100");
Found : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2504091.LastLogin_2.5.6.0", "Thu Feb 04 2010 16:07:09 GMT+0100");
Found : user_pref("CT2504091.LatestVersion", "2.1.0.18");
Found : user_pref("CT2504091.Locale", "en-us");
Found : user_pref("CT2504091.LoginCache", 4);
Found : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Found : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Found : user_pref("CT2504091.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Found : user_pref("CT2504091.SearchInNewTabEnabled", true);
Found : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Thu Feb 04 2010 16:07:09 GMT+0100");
Found : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]
Found : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2504091.SettingsLastCheckTime", "Thu Feb 04 2010 16:07:08 GMT+0100");
Found : user_pref("CT2504091.SettingsLastUpdate", "1264532448");
Found : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Thu Feb 04 2010 16:07:08 GMT+0100");
Found : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1264532448");
Found : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2504091.UserID", "UN74707214767359199");
Found : user_pref("CT2504091.alertChannelId", "897164");
Found : user_pref("CT2504091.clientLogIsEnabled", false);
Found : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2504091.myStuffEnabled", true);
Found : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2504091.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]
Found : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");

*************************

AdwCleaner[R1].txt - [8984 octets] - [22/07/2012 11:52:08]

########## EOF - C:\AdwCleaner[R1].txt - [9112 octets] ##########
         


22.07.2012, 18:55   #6
t'john
/// Helper team

Very good!

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

After that:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Jetzt Updaten" (Update now).
Select the freeware mode ("Freeware-Modus").

Select "Detail Scan" and start the check of the computer with the "Scan" button.
Do not let it delete anything at the end of the scan! Click "Bericht speichern" (Save report) to save the log file to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html

22.07.2012, 21:34   #7
Ceragol

On to the next round ^^
Everything done. Emsisoft is still open, nothing moved to quarantine so far.

adwcleaner
Code:
# AdwCleaner v1.703 - Logfile created 07/22/2012 at 19:32:43
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Ce - CE-HOME
# Running from : C:\Users\Ce\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Ce\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ce\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Ce\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Ce\AppData\Roaming\kikin
Folder Deleted : C:\Users\Ce\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\SweetIMToolbarData
Folder Deleted : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\extensions\staged
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\kikin
File Deleted : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\searchplugins\SweetIm.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Key Deleted : HKLM\SOFTWARE\pdfforge
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\prefs.js

C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\user.js ... Deleted !

Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2504091.CTID", "CT2504091");
Deleted : user_pref("CT2504091.CurrentServerDate", "4-2-2010");
Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Thu Feb 04 2010 16:07:11 GMT+0100");
Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 0);
Deleted : user_pref("CT2504091.FeedPollDate128891351169457132", "Thu Feb 04 2010 16:07:09 GMT+0100");
Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Thu Feb 04 2010 16:07:09 GMT+0100");
Deleted : user_pref("CT2504091.FeedTTL128891351169457132", 40);
Deleted : user_pref("CT2504091.FirstServerDate", "4-2-2010");
Deleted : user_pref("CT2504091.FirstTime", true);
Deleted : user_pref("CT2504091.FirstTimeFF3", true);
Deleted : user_pref("CT2504091.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2504091.Initialize", true);
Deleted : user_pref("CT2504091.InitializeCommonPrefs", true);
Deleted : user_pref("CT2504091.InstalledDate", "Thu Feb 04 2010 16:07:09 GMT+0100");
Deleted : user_pref("CT2504091.IsGrouping", false);
Deleted : user_pref("CT2504091.IsMulticommunity", false);
Deleted : user_pref("CT2504091.IsOpenThankYouPage", false);
Deleted : user_pref("CT2504091.IsOpenUninstallPage", false);
Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Thu Feb 04 2010 16:07:11 GMT+0100");
Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2504091.LastLogin_2.5.6.0", "Thu Feb 04 2010 16:07:09 GMT+0100");
Deleted : user_pref("CT2504091.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2504091.Locale", "en-us");
Deleted : user_pref("CT2504091.LoginCache", 4);
Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2504091.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Thu Feb 04 2010 16:07:09 GMT+0100");
Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]
Deleted : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Thu Feb 04 2010 16:07:08 GMT+0100");
Deleted : user_pref("CT2504091.SettingsLastUpdate", "1264532448");
Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Thu Feb 04 2010 16:07:08 GMT+0100");
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1264532448");
Deleted : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2504091.UserID", "UN74707214767359199");
Deleted : user_pref("CT2504091.alertChannelId", "897164");
Deleted : user_pref("CT2504091.clientLogIsEnabled", false);
Deleted : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2504091.myStuffEnabled", true);
Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]
Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");

*************************

AdwCleaner[R1].txt - [9113 octets] - [22/07/2012 11:52:08]
AdwCleaner[S1].txt - [9367 octets] - [22/07/2012 19:32:43]

########## EOF - C:\AdwCleaner[S1].txt - [9495 octets] ##########
         
Emsisoft
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 22.07.2012 19:56:23

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	22.07.2012 19:57:52

C:\_OTL\MovedFiles\07212012_235817\C_Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll 	gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll 	gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 	gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe 	gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 	gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\Windows\System32\LckFldService.exe 	gefunden: Riskware.RiskTool.Win32.LockFolder.a!E1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2f488edc-6496c9af -> ClassPol.class 	gefunden: Exploit.Java.CVE-2010-0094!E2
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2f488edc-6496c9af -> Cload.class 	gefunden: JAVA.Agent!E2
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe 	gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1

Gescannt	733611
Gefunden	9

Scan Ende:	22.07.2012 21:17:26
Scan Zeit:	1:19:34
         

22.07.2012, 21:56   #8
t'john
/// Helper team

Very good!

Have the findings deleted, then:

Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media you may have (e.g. any USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.

Let's go

  • Download and start the Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Regards, t'john

23.07.2012, 12:15   #9
Ceragol

Hi,
it took a little while, but now I'm ready again. Everything carried out.

ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b34501592902994a9910a958475334b4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 09:50:21
# local_time=2012-07-23 11:50:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 48020905 48020905 0 0
# compatibility_mode=5893 16776573 100 94 258378 94660341 0 0
# compatibility_mode=8192 67108863 100 0 245 245 0 0
# scanned=260970
# found=9
# cleaned=9
# scan_time=7874
C:\Windows\Installer\37a563.msi	a variant of Win32/Toolbar.Widgi application (deleted - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         

23.07.2012, 18:50   #10
t'john
/// Helper team

TDSSKiller from Kaspersky
- Download TDSSKiller and unpack the archive to your desktop.
- Make sure that TDSSKiller.exe is located directly on the desktop (not in a folder on the desktop).
- Temporarily disable your anti-virus program.
- Start TDSSKiller.exe with a double-click.
- When it has finished its work, the tool suggests restarting the system.
- Confirm this with Y(es) if necessary.
- During system boot the driver carries out all scheduled operations and then deletes itself.
- Post the contents of C:\TDSSKiller.txt here in the thread.
Here you will find a more detailed TDSSKiller guide.
__________________
Regards, t'john

23.07.2012, 20:11   #11
Ceragol

Hmm, the program behaved differently than described.

The following actions did not take place:
- When it has finished its work, the tool suggests restarting the system.
- Confirm this with Y(es) if necessary.
- During system boot the driver carries out all scheduled operations and then deletes itself.

To be on the safe side, I restarted it myself.

Here is the log file:
Code:
19:51:08.0669 4060	TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
19:51:08.0918 4060	============================================================
19:51:08.0918 4060	Current date / time: 2012/07/23 19:51:08.0918
19:51:08.0918 4060	SystemInfo:
19:51:08.0918 4060	
19:51:08.0918 4060	OS Version: 6.1.7601 ServicePack: 1.0
19:51:08.0918 4060	Product type: Workstation
19:51:08.0918 4060	ComputerName: CE-HOME
19:51:08.0918 4060	UserName: Ce
19:51:08.0918 4060	Windows directory: C:\Windows
19:51:08.0919 4060	System windows directory: C:\Windows
19:51:08.0919 4060	Processor architecture: Intel x86
19:51:08.0919 4060	Number of processors: 2
19:51:08.0919 4060	Page size: 0x1000
19:51:08.0919 4060	Boot type: Normal boot
19:51:08.0919 4060	============================================================
19:51:09.0865 4060	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:51:09.0908 4060	============================================================
19:51:09.0908 4060	\Device\Harddisk0\DR0:
19:51:09.0908 4060	MBR partitions:
19:51:09.0908 4060	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542DAB0
19:51:09.0908 4060	============================================================
19:51:09.0950 4060	C: <-> \Device\Harddisk0\DR0\Partition0
19:51:09.0950 4060	============================================================
19:51:09.0950 4060	Initialize success
19:51:09.0950 4060	============================================================
19:51:31.0547 2600	============================================================
19:51:31.0547 2600	Scan started
19:51:31.0547 2600	Mode: Manual; 
19:51:31.0547 2600	============================================================
19:51:33.0213 2600	Akamai          (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
19:51:33.0214 2600	Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
19:51:33.0225 2600	Akamai ( HiddenFile.Multi.Generic ) - warning
19:51:33.0225 2600	Akamai - detected HiddenFile.Multi.Generic (1)
19:51:36.0569 2600	CNG - ok
19:51:36.0596 2600	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:51:36.0598 2600	Compbatt - ok
19:51:36.0638 2600	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:51:36.0640 2600	CompositeBus - ok
19:51:36.0654 2600	COMSysApp - ok
19:51:36.0664 2600	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:51:36.0666 2600	crcdisk - ok
19:51:36.0695 2600	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
19:51:36.0697 2600	CryptSvc - ok
19:51:36.0750 2600	dc3d            (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
19:51:36.0752 2600	dc3d - ok
19:51:36.0811 2600	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:51:36.0818 2600	DcomLaunch - ok
19:51:36.0854 2600	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
19:51:36.0863 2600	defragsvc - ok
19:51:36.0920 2600	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:51:36.0922 2600	DfsC - ok
19:51:36.0991 2600	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
19:51:36.0993 2600	Dhcp - ok
19:51:37.0019 2600	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:51:37.0021 2600	discache - ok
19:51:37.0058 2600	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:51:37.0060 2600	Disk - ok
19:51:37.0092 2600	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
19:51:37.0096 2600	Dnscache - ok
19:51:37.0151 2600	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
19:51:37.0160 2600	dot3svc - ok
19:51:37.0210 2600	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
19:51:37.0222 2600	DPS - ok
19:51:37.0253 2600	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:51:37.0254 2600	drmkaud - ok
19:51:37.0299 2600	dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:51:37.0307 2600	dtsoftbus01 - ok
19:51:37.0367 2600	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:51:37.0377 2600	DXGKrnl - ok
19:51:37.0411 2600	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
19:51:37.0414 2600	EapHost - ok
19:51:37.0556 2600	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:51:37.0603 2600	ebdrv - ok
19:51:37.0700 2600	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
19:51:37.0703 2600	EFS - ok
19:51:37.0800 2600	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
19:51:37.0806 2600	ehRecvr - ok
19:51:37.0833 2600	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
19:51:37.0835 2600	ehSched - ok
19:51:37.0903 2600	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:51:37.0913 2600	elxstor - ok
19:51:37.0942 2600	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:51:37.0943 2600	ErrDev - ok
19:51:37.0990 2600	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
19:51:37.0997 2600	EventSystem - ok
19:51:38.0025 2600	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:51:38.0037 2600	exfat - ok
19:51:38.0059 2600	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:51:38.0070 2600	fastfat - ok
19:51:38.0140 2600	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
19:51:38.0149 2600	Fax - ok
19:51:38.0174 2600	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:51:38.0175 2600	fdc - ok
19:51:38.0203 2600	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
19:51:38.0206 2600	fdPHost - ok
19:51:38.0224 2600	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
19:51:38.0226 2600	FDResPub - ok
19:51:38.0253 2600	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:51:38.0255 2600	FileInfo - ok
19:51:38.0273 2600	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:51:38.0275 2600	Filetrace - ok
19:51:38.0426 2600	FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:51:38.0438 2600	FLEXnet Licensing Service - ok
19:51:38.0485 2600	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:51:38.0487 2600	flpydisk - ok
19:51:38.0553 2600	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:51:38.0560 2600	FltMgr - ok
19:51:38.0619 2600	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
19:51:38.0628 2600	FontCache - ok
19:51:38.0702 2600	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:51:38.0703 2600	FontCache3.0.0.0 - ok
19:51:38.0716 2600	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:51:38.0717 2600	FsDepends - ok
19:51:38.0736 2600	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
19:51:38.0738 2600	Fs_Rec - ok
19:51:38.0788 2600	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:51:38.0797 2600	fvevol - ok
19:51:38.0833 2600	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:51:38.0835 2600	gagp30kx - ok
19:51:38.0909 2600	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
19:51:38.0916 2600	gpsvc - ok
19:51:39.0009 2600	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:51:39.0011 2600	gupdate - ok
19:51:39.0025 2600	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:51:39.0027 2600	gupdatem - ok
19:51:39.0115 2600	hardlock        (995178a443b07fa9eeaea041d7b4b5ca) C:\Windows\system32\drivers\hardlock.sys
19:51:39.0136 2600	hardlock - ok
19:51:39.0159 2600	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:51:39.0160 2600	hcw85cir - ok
19:51:39.0211 2600	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:51:39.0218 2600	HdAudAddService - ok
19:51:39.0254 2600	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:51:39.0256 2600	HDAudBus - ok
19:51:39.0274 2600	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:51:39.0276 2600	HidBatt - ok
19:51:39.0294 2600	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:51:39.0296 2600	HidBth - ok
19:51:39.0316 2600	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:51:39.0317 2600	HidIr - ok
19:51:39.0342 2600	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
19:51:39.0344 2600	hidserv - ok
19:51:39.0383 2600	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
19:51:39.0384 2600	HidUsb - ok
19:51:39.0430 2600	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
19:51:39.0435 2600	hkmsvc - ok
19:51:39.0491 2600	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
19:51:39.0501 2600	HomeGroupListener - ok
19:51:39.0549 2600	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
19:51:39.0560 2600	HomeGroupProvider - ok
19:51:39.0597 2600	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:51:39.0599 2600	HpSAMD - ok
19:51:39.0671 2600	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:51:39.0679 2600	HTTP - ok
19:51:39.0693 2600	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:51:39.0695 2600	hwpolicy - ok
19:51:39.0722 2600	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
19:51:39.0724 2600	i8042prt - ok
19:51:39.0769 2600	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:51:39.0782 2600	iaStorV - ok
19:51:39.0904 2600	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:51:39.0915 2600	idsvc - ok
19:51:40.0247 2600	igfx            (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:51:40.0311 2600	igfx - ok
19:51:40.0442 2600	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:51:40.0443 2600	iirsp - ok
19:51:40.0526 2600	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
19:51:40.0562 2600	IKEEXT - ok
19:51:40.0741 2600	IntcAzAudAddService (97fa95e4f486f37d60ad3744d86f3d7e) C:\Windows\system32\drivers\RTKVHDA.sys
19:51:40.0776 2600	IntcAzAudAddService - ok
19:51:40.0893 2600	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:51:40.0894 2600	intelide - ok
19:51:40.0929 2600	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:51:40.0931 2600	intelppm - ok
19:51:40.0961 2600	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
19:51:40.0966 2600	IPBusEnum - ok
19:51:40.0995 2600	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:51:40.0997 2600	IpFilterDriver - ok
19:51:41.0073 2600	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
19:51:41.0080 2600	iphlpsvc - ok
19:51:41.0094 2600	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:51:41.0096 2600	IPMIDRV - ok
19:51:41.0116 2600	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:51:41.0120 2600	IPNAT - ok
19:51:41.0150 2600	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:51:41.0151 2600	IRENUM - ok
19:51:41.0171 2600	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:51:41.0171 2600	isapnp - ok
19:51:41.0205 2600	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:51:41.0215 2600	iScsiPrt - ok
19:51:41.0244 2600	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:51:41.0246 2600	kbdclass - ok
19:51:41.0275 2600	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
19:51:41.0277 2600	kbdhid - ok
19:51:41.0309 2600	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:51:41.0311 2600	KeyIso - ok
19:51:41.0335 2600	KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
19:51:41.0337 2600	KSecDD - ok
19:51:41.0357 2600	KSecPkg         (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
19:51:41.0370 2600	KSecPkg - ok
19:51:41.0398 2600	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
19:51:41.0404 2600	KtmRm - ok
19:51:41.0456 2600	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
19:51:41.0461 2600	LanmanServer - ok
19:51:41.0508 2600	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
19:51:41.0513 2600	LanmanWorkstation - ok
19:51:41.0659 2600	LBTServ         (0f98b9384c37c8c29904b8ae4359a54f) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:51:41.0662 2600	LBTServ - ok
19:51:41.0682 2600	LckFldService - ok
19:51:41.0741 2600	LHidFilt        (318b3d608fbec44b7e0c23bf759dced5) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:51:41.0742 2600	LHidFilt - ok
19:51:41.0766 2600	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:51:41.0768 2600	lltdio - ok
19:51:41.0800 2600	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
19:51:41.0809 2600	lltdsvc - ok
19:51:41.0817 2600	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
19:51:41.0820 2600	lmhosts - ok
19:51:41.0826 2600	LMouFilt        (84af069d219df3c43dc6792b2bbd7bed) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:51:41.0827 2600	LMouFilt - ok
19:51:41.0863 2600	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:51:41.0869 2600	LSI_FC - ok
19:51:41.0902 2600	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:51:41.0904 2600	LSI_SAS - ok
19:51:41.0931 2600	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:51:41.0934 2600	LSI_SAS2 - ok
19:51:41.0952 2600	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:51:41.0957 2600	LSI_SCSI - ok
19:51:41.0969 2600	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:51:41.0971 2600	luafv - ok
19:51:42.0012 2600	massfilter      (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
19:51:42.0013 2600	massfilter - ok
19:51:42.0046 2600	MBAMProtector   (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
19:51:42.0047 2600	MBAMProtector - ok
19:51:42.0114 2600	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:51:42.0121 2600	MBAMService - ok
19:51:42.0177 2600	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
19:51:42.0183 2600	Mcx2Svc - ok
19:51:42.0214 2600	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:51:42.0217 2600	megasas - ok
19:51:42.0249 2600	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:51:42.0257 2600	MegaSR - ok
19:51:42.0353 2600	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
19:51:42.0355 2600	Microsoft Office Groove Audit Service - ok
19:51:42.0405 2600	MLPTDR_P        (457746da312920874015bad2f44c8d51) C:\Windows\system32\MLPTDR_P.sys
19:51:42.0408 2600	MLPTDR_P - ok
19:51:42.0438 2600	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:51:42.0441 2600	MMCSS - ok
19:51:42.0473 2600	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:51:42.0475 2600	Modem - ok
19:51:42.0504 2600	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:51:42.0505 2600	monitor - ok
19:51:42.0541 2600	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
19:51:42.0542 2600	mouclass - ok
19:51:42.0551 2600	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:51:42.0552 2600	mouhid - ok
19:51:42.0606 2600	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:51:42.0608 2600	mountmgr - ok
19:51:42.0693 2600	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:51:42.0695 2600	MozillaMaintenance - ok
19:51:42.0728 2600	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:51:42.0741 2600	mpio - ok
19:51:42.0776 2600	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:51:42.0778 2600	mpsdrv - ok
19:51:42.0855 2600	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
19:51:42.0861 2600	MpsSvc - ok
19:51:42.0913 2600	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:51:42.0918 2600	MRxDAV - ok
19:51:42.0983 2600	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:51:42.0987 2600	mrxsmb - ok
19:51:43.0027 2600	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:51:43.0036 2600	mrxsmb10 - ok
19:51:43.0057 2600	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:51:43.0062 2600	mrxsmb20 - ok
19:51:43.0090 2600	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:51:43.0091 2600	msahci - ok
19:51:43.0126 2600	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:51:43.0131 2600	msdsm - ok
19:51:43.0170 2600	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
19:51:43.0182 2600	MSDTC - ok
19:51:43.0221 2600	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:51:43.0223 2600	Msfs - ok
19:51:43.0233 2600	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:51:43.0235 2600	mshidkmdf - ok
19:51:43.0267 2600	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:51:43.0269 2600	msisadrv - ok
19:51:43.0303 2600	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
19:51:43.0315 2600	MSiSCSI - ok
19:51:43.0325 2600	msiserver - ok
19:51:43.0352 2600	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:51:43.0353 2600	MSKSSRV - ok
19:51:43.0373 2600	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:51:43.0374 2600	MSPCLOCK - ok
19:51:43.0399 2600	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:51:43.0401 2600	MSPQM - ok
19:51:43.0420 2600	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:51:43.0431 2600	MsRPC - ok
19:51:43.0469 2600	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:51:43.0471 2600	mssmbios - ok
19:51:43.0486 2600	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:51:43.0487 2600	MSTEE - ok
19:51:43.0501 2600	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:51:43.0502 2600	MTConfig - ok
19:51:43.0528 2600	MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
19:51:43.0529 2600	MTsensor - ok
19:51:43.0551 2600	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:51:43.0552 2600	Mup - ok
19:51:43.0609 2600	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
19:51:43.0615 2600	napagent - ok
19:51:43.0653 2600	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:51:43.0660 2600	NativeWifiP - ok
19:51:43.0707 2600	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:51:43.0718 2600	NDIS - ok
19:51:43.0748 2600	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:51:43.0750 2600	NdisCap - ok
19:51:43.0779 2600	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:51:43.0781 2600	NdisTapi - ok
19:51:43.0838 2600	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:51:43.0839 2600	Ndisuio - ok
19:51:43.0895 2600	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:51:43.0900 2600	NdisWan - ok
19:51:43.0951 2600	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:51:43.0953 2600	NDProxy - ok
19:51:43.0977 2600	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:51:43.0978 2600	NetBIOS - ok
19:51:44.0032 2600	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:51:44.0043 2600	NetBT - ok
19:51:44.0075 2600	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:51:44.0078 2600	Netlogon - ok
19:51:44.0126 2600	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
19:51:44.0132 2600	Netman - ok
19:51:44.0165 2600	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
19:51:44.0172 2600	netprofm - ok
19:51:44.0254 2600	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:51:44.0265 2600	NetTcpPortSharing - ok
19:51:44.0304 2600	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:51:44.0306 2600	nfrd960 - ok
19:51:44.0379 2600	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
19:51:44.0384 2600	NlaSvc - ok
19:51:44.0426 2600	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:51:44.0428 2600	Npfs - ok
19:51:44.0460 2600	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
19:51:44.0464 2600	nsi - ok
19:51:44.0484 2600	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:51:44.0486 2600	nsiproxy - ok
19:51:44.0587 2600	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:51:44.0609 2600	Ntfs - ok
19:51:44.0730 2600	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:51:44.0732 2600	Null - ok
19:51:44.0787 2600	NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
19:51:44.0801 2600	NVENETFD - ok
19:51:44.0842 2600	NVHDA           (8571011b62ce0207fa1dc95d88308f1d) C:\Windows\system32\drivers\nvhda32v.sys
19:51:44.0844 2600	NVHDA - ok
19:51:45.0369 2600	nvlddmkm        (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:51:45.0523 2600	nvlddmkm - ok
19:51:45.0657 2600	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:51:45.0659 2600	nvraid - ok
19:51:45.0675 2600	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:51:45.0677 2600	nvstor - ok
19:51:45.0769 2600	nvsvc           (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe
19:51:45.0780 2600	nvsvc - ok
19:51:45.0995 2600	nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:51:46.0020 2600	nvUpdatusService - ok
19:51:46.0133 2600	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:51:46.0137 2600	nv_agp - ok
19:51:46.0259 2600	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:51:46.0264 2600	odserv - ok
19:51:46.0280 2600	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:51:46.0282 2600	ohci1394 - ok
19:51:46.0338 2600	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:51:46.0350 2600	ose - ok
19:51:46.0412 2600	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:51:46.0418 2600	p2pimsvc - ok
19:51:46.0451 2600	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
19:51:46.0465 2600	p2psvc - ok
19:51:46.0500 2600	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:51:46.0502 2600	Parport - ok
19:51:46.0543 2600	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
19:51:46.0545 2600	partmgr - ok
19:51:46.0558 2600	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:51:46.0560 2600	Parvdm - ok
19:51:46.0582 2600	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
19:51:46.0594 2600	PcaSvc - ok
19:51:46.0626 2600	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:51:46.0638 2600	pci - ok
19:51:46.0648 2600	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:51:46.0650 2600	pciide - ok
19:51:46.0684 2600	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:51:46.0695 2600	pcmcia - ok
19:51:46.0714 2600	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:51:46.0716 2600	pcw - ok
19:51:46.0769 2600	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:51:46.0782 2600	PEAUTH - ok
19:51:46.0903 2600	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
19:51:46.0931 2600	pla - ok
19:51:47.0068 2600	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
19:51:47.0074 2600	PlugPlay - ok
19:51:47.0131 2600	PnkBstrA        (3a2bdd76e7d2a5f40a7174793d1ba794) C:\Windows\system32\PnkBstrA.exe
19:51:47.0137 2600	PnkBstrA - ok
19:51:47.0163 2600	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
19:51:47.0167 2600	PNRPAutoReg - ok
19:51:47.0195 2600	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:51:47.0200 2600	PNRPsvc - ok
19:51:47.0260 2600	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
19:51:47.0273 2600	PolicyAgent - ok
19:51:47.0359 2600	postgresql-8.4 - ok
19:51:47.0415 2600	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
19:51:47.0421 2600	Power - ok
19:51:47.0494 2600	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:51:47.0496 2600	PptpMiniport - ok
19:51:47.0520 2600	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:51:47.0522 2600	Processor - ok
19:51:47.0574 2600	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
19:51:47.0579 2600	ProfSvc - ok
19:51:47.0608 2600	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:51:47.0611 2600	ProtectedStorage - ok
19:51:47.0686 2600	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:51:47.0709 2600	ql2300 - ok
19:51:47.0826 2600	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:51:47.0831 2600	ql40xx - ok
19:51:47.0870 2600	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
19:51:47.0875 2600	QWAVE - ok
19:51:47.0907 2600	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:51:47.0909 2600	QWAVEdrv - ok
19:51:47.0928 2600	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:51:47.0930 2600	RasAcd - ok
19:51:47.0970 2600	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:51:47.0972 2600	RasAgileVpn - ok
19:51:47.0989 2600	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
19:51:48.0002 2600	RasAuto - ok
19:51:48.0020 2600	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:51:48.0022 2600	Rasl2tp - ok
19:51:56.0623 2600	============================================================
19:51:56.0623 2600	Scan finished
19:51:56.0623 2600	============================================================
19:51:56.0637 3860	Detected object count: 1
19:51:56.0637 3860	Actual detected object count: 1
19:53:46.0136 3860	c:\program files\common files\akamai/netsession_win_4f7fccd.dll - copied to quarantine
19:53:46.0137 3860	Akamai ( HiddenFile.Multi.Generic ) - User select action: Quarantine 
19:56:04.0340 2096	Deinitialize success
         

23.07.2012, 23:25   #12
t'john
/// Helper team

Very good!

Removing malware with Combofix

Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the desktop, nowhere else; this is important!
Please follow the detailed original instructions.

Combofix currently runs on the following Windows versions:

  • Windows XP (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)

Preparation and important notes

  • While Combofix is scanning, please disable antivirus and antispyware programs, the firewall and any script blocking (Norton) that may be present.
  • List of programs to disable.
    If anything is unclear, please ask.

  • ComboFix will reset your screen saver settings.
  • You can change these settings back once our cleanup is finished.
  • Do not do anything else if you did not manage to get Combofix to run.
  • Let us know and wait for our instructions.

  • Start Combofix.exe with right-click => Run as administrator and follow the instructions.
  • Do not do anything else on the computer while Combofix is running!
  • Accept the terms (disclaimer) with "Yes".

  • If Combofix offers a newer version, allow the download.
  • Click "Yes" to continue with the malware scan.
  • A blue command prompt window appears; Combofix is being prepared for the scan.
  • Please do not click inside this Combofix window.
  • That could freeze your system or make it hang.
  • A backup of your registry is created.
  • The individual stages of the program are now worked through; this can take a while.

  • When ComboFix is finished, it will create a log (please wait, this takes a moment).
  • Be sure to wait until the Combofix window has closed and the log file appears in the editor.
  • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.

  • Note: for various reasons Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
  • You can delete the IE desktop icon after the cleanup and set your preferred browser as the default browser again.

Do not use Combofix on your own initiative. If no corresponding infection is present, it can cripple the computer and/or cause lasting damage!
__________________
Regards, t'john

24.07.2012, 11:15   #13
Ceragol

Morning t'john,
I ran through everything once again.
The IE desktop icon was not created and the default browser apparently was not changed either; otherwise everything went as you described.

Combofix log file:
Code:
ComboFix 12-07-25.02 - Ce 24.07.2012  10:41:19.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3071.1810 [GMT 2:00]
ausgeführt von:: c:\users\Ce\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ce\AppData\Roaming\Adobe\plugs
c:\users\Ce\AppData\Roaming\Adobe\shed
c:\windows\IsUn0407.exe
c:\windows\system32\fldlckun.exe
c:\windows\system32\msvcrt.1
c:\windows\unin0407.exe
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-24 bis 2012-07-24  ))))))))))))))))))))))))))))))
.
.
2012-07-24 08:50 . 2012-07-24 08:50	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F854F467-D729-49A4-A917-EC9323D33933}\offreg.dll
2012-07-24 08:50 . 2012-07-24 08:54	--------	d-----w-	c:\users\Ce\AppData\Local\temp
2012-07-24 08:50 . 2012-07-24 08:50	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-24 08:50 . 2012-07-24 08:50	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2012-07-24 08:50 . 2012-07-24 08:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-24 07:56 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F854F467-D729-49A4-A917-EC9323D33933}\mpengine.dll
2012-07-23 17:53 . 2012-07-23 17:53	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-07-22 17:48 . 2012-07-23 06:58	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2012-07-22 15:19 . 2012-07-22 15:19	--------	d-----w-	c:\users\Ce\AppData\Local\Macromedia
2012-07-22 15:18 . 2012-07-22 15:18	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-22 15:08 . 2012-07-22 15:08	--------	d-----w-	c:\program files\Common Files\Java
2012-07-22 15:07 . 2012-07-22 15:07	--------	d-----w-	c:\program files\Oracle
2012-07-22 15:07 . 2012-07-22 15:06	772592	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-21 21:58 . 2012-07-21 21:58	--------	d-----w-	C:\_OTL
2012-07-21 13:11 . 2012-07-21 13:11	--------	d-----w-	c:\users\Ce\AppData\Roaming\Malwarebytes
2012-07-21 13:10 . 2012-07-21 13:10	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-21 13:10 . 2012-07-21 13:10	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-21 13:10 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-21 11:42 . 2012-07-21 14:24	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-07-11 11:29 . 2012-06-12 02:40	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-05 07:48 . 2012-07-05 07:54	--------	d-----w-	c:\users\Ce\AppData\Local\Nemex
2012-07-05 07:48 . 2012-07-05 07:48	--------	d-----w-	c:\users\Ce\AppData\Roaming\Mouse Recorder Pro
2012-07-05 07:48 . 2012-07-05 07:48	--------	d-----w-	c:\program files\Mouse Recorder Pro 2
2012-07-01 14:31 . 2012-07-01 14:31	--------	d-----w-	c:\users\Ce\AppData\Roaming\inkscape
2012-07-01 14:26 . 2012-07-23 13:44	--------	d-----w-	C:\Master-Progs
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\system32\msxml4.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 15:18 . 2012-02-11 12:25	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 20:06 . 2010-10-08 12:57	687544	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-03 16:21 . 2010-02-04 14:43	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-02-24 15:46	44784	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-04-07 00:02	721000	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-02-04 14:43	353688	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-02-04 14:43	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-02-04 14:43	57656	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-01-14 13:30	41224	----a-w-	c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-02-04 14:43	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-06-02 22:19 . 2012-06-22 07:40	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 07:40	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 07:40	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 07:40	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 07:40	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 07:40	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 07:40	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 07:39	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 07:39	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-02-04 17:21	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-17 21:40 . 2012-02-09 18:44	270240	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-05-17 21:40 . 2012-02-09 18:16	270240	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-05-17 21:15 . 2012-02-09 18:17	139080	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-05-17 21:14 . 2012-02-09 18:16	270240	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-05-01 04:44 . 2012-06-13 07:47	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 07:49	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 07:48	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 07:48	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 07:48	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-17 13:06 . 2011-05-07 17:48	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21	121528	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53	35736	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44	500208	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10	402432	----a-w-	c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-02-09 15:43	2621440	------r-	c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-19 17:08	3477312	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-05-05 09:48	119608	----a-w-	c:\program files\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07	252296	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2010-09-30 12:00	139088	----a-w-	c:\program files\1&1 Surf-Stick\UIExec.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MLPTDR_P;MLPTDR_P;c:\windows\system32\MLPTDR_P.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files\1&1 Surf-Stick\AssistantServices.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 15:18]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{027BA166-85AE-4FB6-AB5E-C66FE5727086}: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-KONICA MINOLTA magicolor2300WStatusDisplay - c:\windows\system32\MSTMON_P.EXE
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-1ClickDownload - c:\program files\1ClickDownload\uninst.exe
AddRemove-AutoCAD 2000 - Deutsch Deinstaller - c:\windows\unin0407.exe
AddRemove-Farm Frenzy 3 - Madagascar 1.0.0.0 - c:\spiele\Farm Frenzy 3\Madagascar\Uninstall.exe
AddRemove-StarMoney 3.0 S-Edition - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1991458982-1511798740-764840806-1000\Software\SecuROM\License information*]
"datasecu"=hex:26,60,26,36,ae,77,cd,7b,8a,e5,01,f0,94,83,93,00,47,c3,22,a5,31,
   b1,91,f7,a9,a1,56,5c,7b,75,7c,36,c0,5a,a3,28,57,c8,ec,c3,b9,bb,1f,3a,88,b5,\
"rkeysecu"=hex:a8,4a,53,db,0a,1a,3e,48,7c,de,eb,98,c6,87,96,e6
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-24  10:58:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-24 08:58
.
Vor Suchlauf: 17 Verzeichnis(se), 80.213.032.960 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 80.006.860.800 Bytes frei
.
- - End Of File - - B0CF41B3B701B955B7785D944D3B0E91
         
--- --- ---


Code:
ATTFilter
 Update for Microsoft Office 2007 (KB2508958)
1&1 Surf-Stick
1ClickDownload
7-Zip 9.20
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe InDesign CS
Adobe InDesign CS5
Adobe Photoshop CS
Adobe Reader X (10.1.3) - Deutsch
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Akamai NetSession Interface Service
ArcGIS Desktop 10
ArcGIS Desktop 10 German Supplement
ArcGIS Desktop 10 Tutorial Data
AutoCAD 2000 - Deutsch
AutoCAD 2009 - Deutsch
Autodesk 123D Catch
avast! Free Antivirus
Battlefield Heroes
Brother MFL-Pro Suite MFC-J410
CCleaner
Curse Client
D3DX10
DAEMON Tools Lite
DivX-Setup
eReg
F1 2011
Farm Frenzy 3 - Madagascar 1.0.0.0
FileZilla Client 3.5.3
Free Video Converter V 3.1
FUSSBALL MANAGER 09
GIMP 2.6.11
Google Chrome
Google Earth
Google Update Helper
Holdem Manager
ICQ7.4
Inkscape 0.48.2
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 5
JavaFX 2.1.1
JDownloader
KONICA MINOLTA magicolor2300W
Logitech SetPoint 6.20
LuckyAcePoker.com
MAGIX Web Designer 7 Premium
MAGNETO-ARCH 1.00-00
Malwarebytes Anti-Malware Version 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft IntelliType Pro 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Native Client
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser und SDK
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mouse Recorder Pro 2.0.7.4
Mozilla Firefox 13.0.1 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Need for Speed™ SHIFT
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Grafiktreiber 275.33
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Systemsteuerung 275.33
NVIDIA Update 1.3.5
NVIDIA Update Components
OpenAL
PaperPort Image Printer
Patrizier 4
PDF Settings CS5
PDFCreator
pdfforge Toolbar v6.0
PokerStars
PostgreSQL 8.4
ProtectDisc Driver, Version 11
PunkBuster Services
PVSonyDll
Rapture3D 2.4.9 Game
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Skype™ 4.1
smartision ScreenCopy 2.3
StarMoney 3.0 S-Edition
StarMoney 4.0 S-Edition
Surfer 8
swMSM
TeamSpeak 2 RC2
TeamSpeak 3 Client
Thrustmaster Force Feedback Driver
TmNationsForever
Ulead PhotoImpact 8 SE
Ultra Defragmenter
Unity Web Player
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
UseNeXT
VBA (2627.01)
VBA (2701.01)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.5
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR Archivierer
WinTopo Pro
         

25.07.2012, 01:25   #14
t'john
/// Helper Team

Very good!

Update Java

Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 5).
  • Once the installation has finished, go to Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files...
  • Make sure every box is checked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Regards, t'john
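
The check behind this advice, as an added example that is not part of the original post: it scans an installed-software list in the format posted in this thread for Java runtimes older than the version the post names as the latest (Java 7 Update 5). The function names are hypothetical, and the sample input is a short excerpt of the list posted above.

```python
import re

# Matches Java runtime entries as they appear in an installed-software list,
# e.g. "Java(TM) 6 Update 31" or "Java 7 Update 5". Deliberately does not
# match "Java Auto Updater" or "JavaFX 2.1.1", which are separate products.
JAVA_ENTRY = re.compile(r"^Java(?:\(TM\))?\s+(\d+)(?:\s+Update\s+(\d+))?$")

# Version the post names as the latest at the time (assumption taken from the
# post: Java 7 Update 5). Adjust when triaging a newer log.
BASELINE = (7, 5)

# Excerpt of the installed-software list posted in this thread.
SAMPLE_LIST = """\
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 5
JavaFX 2.1.1
JDownloader
"""


def parse_java_version(entry):
    """Return (major, update) for a Java runtime entry, else None."""
    match = JAVA_ENTRY.match(entry.strip())
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2) or 0)


def triage_java(installed_list, baseline=BASELINE):
    """Split the Java runtimes in a list into outdated and up-to-date ones."""
    report = {"outdated": [], "current": []}
    for line in installed_list.splitlines():
        version = parse_java_version(line)
        if version is None:
            continue
        bucket = "outdated" if version < baseline else "current"
        report[bucket].append((line.strip(), version))
    # Oldest first, so the entries to uninstall lead the report.
    report["outdated"].sort(key=lambda item: item[1])
    return report


if __name__ == "__main__":
    result = triage_java(SAMPLE_LIST)
    for name, _ in result["outdated"]:
        print("uninstall:", name)
    if not result["current"]:
        print("no runtime at or above baseline found")
```

Run against the excerpt, it reports Java(TM) 6 Update 31 as the entry to uninstall and Java(TM) 7 Update 5 as current.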

25.07.2012, 11:01   #15
Ceragol

Morning, you night owl,
Installed/deleted and settings changed; that was really easy this time.

What should I do with all the scanners (Malwarebytes/OTL/adwcleaner/TDSSKiller/Combofix) that are still sitting on my desktop?
All our scanning has created quite a few folders and log files under C:. Can they go, or should they stay for now?
