Pests of all kinds and how to combat them: BKA Trojan - internet access no longer possible (Windows 7)
21.07.2012, 19:38 | #1 |
| BKA Trojan - internet access no longer possible

Hello everyone,

when I started the computer this morning I got this lovely message telling me to pay €100, as is already well known here, and my computer was completely locked. The first thing I did was unplug the internet. The computer itself works, and no data appears to have been encrypted. Only the Task Manager cannot be opened; it closes again immediately. As soon as I plug the internet back in, the lovely message comes back and everything is locked.

First I worked through the following guide: hxxp://www.chip.de/news/Bundespolizei-Virus-entfernen-PC-entsperren_50761972.html but Kaspersky WindowsUnlocker produced no results at all; nothing changed.

After that I started reading here, and evidently you have already been able to help many people with the same or similar problems. Since I don't have a disc burner available (mini laptop), I am currently moving everything back and forth with a USB stick. So unfortunately I can't follow the most frequently given guide and have now tried it the way it was shown in another thread (http://www.trojaner-board.de/119091-...-trojaner.html). Malwarebytes found nothing.

Attachments:
- Malwarebytes logfile
- OTL.txt
- Extras.txt

I urgently need to get back to work because a deadline is breathing down my neck; I hope there is someone here who can rescue me |
21.07.2012, 22:51 | #2 |
/// Helper team | BKA Trojan - internet access no longer possible

Fixing with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).
Code:
:OTL
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
MOD - C:\Users\Ce\AppData\Local\Temp\rool0_pk.exe ()
SRV - (Vcp4frarbbum) -- File not found
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{08AF6EED-308C-4045-9661-3FFDA5EE3084}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = http://search.kikin.com/search/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [KONICA MINOLTA magicolor2300WStatusDisplay] C:\Windows\System32\MSTMON_P.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Ce\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b54c8628-3f46-11df-991c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b54c8628-3f46-11df-991c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2002.09.30 07:33:16 | 000,126,976 | R--- | M] (InstallShield Software Corporation)
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2012.07.03 10:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.03 10:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.07.03 10:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.07.21 19:20:14 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.21 19:20:13 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.21 15:57:33 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad
[2012.07.20 20:09:52 | 000,001,881 | ---- | M] () -- C:\Users\Ce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for readers following along: The OTL script above was created exclusively for this user in this situation. Under no circumstances apply it to other computers; doing so can cause lasting damage to other systems!
__________________ |
21.07.2012, 23:28 | #3 |
| BKA Trojan - internet access no longer possible

Hello t'john, thank you for now.

I carried out the whole thing. During the fix, IE tried to open, which of course failed without a network connection; the restart afterwards was automatic and the boot took a very long time. The Task Manager can be opened again. I haven't reconnected the internet yet; I'd rather wait for your OK before doing that ^^

Code:
ATTFilter All processes killed ========== OTL ========== No active process named SearchSettings.exe was found! Process ApplicationUpdater.exe killed successfully! Service Vcp4frarbbum stopped successfully! Service Vcp4frarbbum deleted successfully! File File not found not found. Service Application Updater stopped successfully! Service Application Updater deleted successfully! C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll moved successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{08AF6EED-308C-4045-9661-3FFDA5EE3084}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08AF6EED-308C-4045-9661-3FFDA5EE3084}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename Prefs.js: "" removed from browser.search.defaulturl Prefs.js: "chr-greentree_ff&type=827316&ilc=12" removed from browser.search.param.yahoo-fr Prefs.js: "Google" removed from browser.search.selectedEngine Prefs.js: false removed from browser.search.update Prefs.js: "www.google.de" removed from browser.startup.homepage Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 removed from extensions.enabledItems Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaulturl Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" removed from sweetim.toolbar.previous.keyword.URL Registry key 
HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KONICA MINOLTA magicolor2300WStatusDisplay deleted successfully. C:\Windows\System32\MSTMON_P.EXE moved successfully. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully. C:\Users\Ce\AppData\Local\Akamai\netsession_win.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ deleted successfully. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b54c8628-3f46-11df-991c-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b54c8628-3f46-11df-991c-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b54c8628-3f46-11df-991c-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b54c8628-3f46-11df-991c-806e6f6e6963}\ not found. File move failed. D:\Setup.exe scheduled to be moved on reboot. C:\Windows\System32\tmp247C.tmp deleted successfully. C:\Windows\System32\tmp248D.tmp deleted successfully. C:\Windows\System32\tmp5B3A.tmp deleted successfully. C:\Windows\System32\tmp5B3B.tmp deleted successfully. C:\Program Files\Common Files\Spigot\wtxpcom\components folder moved successfully. C:\Program Files\Common Files\Spigot\wtxpcom\chrome\content folder moved successfully. C:\Program Files\Common Files\Spigot\wtxpcom\chrome folder moved successfully. C:\Program Files\Common Files\Spigot\wtxpcom folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully. C:\Program Files\Common Files\Spigot folder moved successfully. C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully. C:\Program Files\pdfforge Toolbar\Res folder moved successfully. C:\Program Files\pdfforge Toolbar\IE\6.0 folder moved successfully. C:\Program Files\pdfforge Toolbar\IE folder moved successfully. 
C:\Program Files\pdfforge Toolbar\FF\chrome folder moved successfully. C:\Program Files\pdfforge Toolbar\FF folder moved successfully. C:\Program Files\pdfforge Toolbar folder moved successfully. C:\Program Files\Application Updater folder moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\ProgramData\kp_0loor.pad moved successfully. C:\Users\Ce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Ce\Desktop\cmd.bat deleted successfully. C:\Users\Ce\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Ce ->Temp folder emptied: 42001966 bytes ->Temporary Internet Files folder emptied: 143615502 bytes ->Java cache emptied: 55037256 bytes ->FireFox cache emptied: 926068854 bytes ->Flash cache emptied: 75399249 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: postgres ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 17705422 bytes RecycleBin emptied: 11994858 bytes Total Files Cleaned = 1.213,00 mb [EMPTYFLASH] User: All Users User: Ce ->Flash cache emptied: 0 bytes User: Default ->Flash cache emptied: 0 bytes User: Default User 
->Flash cache emptied: 0 bytes User: postgres User: Public User: UpdatusUser ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07212012_235817 Files\Folders moved on Reboot... File move failed. D:\Setup.exe scheduled to be moved on reboot. C:\Users\Ce\AppData\Local\Temp\rool0_pk.exe moved successfully. File\Folder C:\Users\Ce\AppData\Local\Temp\~DF0DCE99F16CEC9BC1.TMP not found! File\Folder C:\Users\Ce\AppData\Local\Temp\~DF61CD0B5CCD9D81CB.TMP not found! C:\Users\Ce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully. File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot. PendingFileRenameOperations files... [2002.09.30 07:33:16 | 000,126,976 | R--- | M] (InstallShield Software Corporation) D:\Setup.exe : MD5=468D6E941908249C18D1C3479BE2DC6D File C:\Users\Ce\AppData\Local\Temp\rool0_pk.exe not found! File C:\Users\Ce\AppData\Local\Temp\~DF0DCE99F16CEC9BC1.TMP not found! File C:\Users\Ce\AppData\Local\Temp\~DF61CD0B5CCD9D81CB.TMP not found! File C:\Users\Ce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found! [2012.07.22 00:04:06 | 008,405,015 | ---- | M] () C:\Windows\temp\hlktmp : Unable to obtain MD5 Registry entries deleted on Reboot... |
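The fix log in post #3 is what a helper reads to confirm that every script entry was actually handled. As an added example (not part of the thread and not OTL's own code), this Python script classifies each result line of such a log and lists the items that only complete after a reboot; the sample lines are copied from the log above and re-broken into one result per line, and all function names are illustrative.

```python
import re
from typing import NamedTuple

# Result lines copied from the fix log in this thread, re-broken into one
# result per line (the forum extraction had flattened them into a single run).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
Process ApplicationUpdater.exe killed successfully!
Service Vcp4frarbbum stopped successfully!
Service Vcp4frarbbum deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
File move failed. D:\Setup.exe scheduled to be moved on reboot.
C:\ProgramData\kp_0loor.pad moved successfully.
C:\Users\Ce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
========== FILES ==========
C:\Users\Ce\Desktop\cmd.bat deleted successfully.
Files\Folders moved on Reboot...
C:\Users\Ce\AppData\Local\Temp\rool0_pk.exe moved successfully.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
"""


class Result(NamedTuple):
    section: str   # log section the line appeared under
    outcome: str   # moved / deleted / not_found / pending_reboot / ...
    target: str    # file, registry path, service or process name


# "========== OTL ==========" style headers, or headers ending in "..."
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$|^(.+)\.\.\.$")

# Ordered: the first matching pattern wins.
OUTCOMES = [
    ("pending_reboot",
     re.compile(r"^File move failed\. (?P<t>.+) scheduled to be moved on reboot\.$")),
    ("not_found",
     re.compile(r"^No active process named (?P<t>.+) was found!$")),
    ("stopped",
     re.compile(r"^(?:Process|Service) (?P<t>.+?) (?:killed|stopped) successfully!$")),
    ("value_set",
     re.compile(r"^(?P<t>[^|]+)\|.* : value set successfully!$")),
    ("moved",
     re.compile(r"^(?P<t>.+?)(?: folder)? moved successfully\.$")),
    ("deleted",
     re.compile(r"^(?:Registry (?:key|value) |Service )?(?P<t>.+?) deleted successfully[.!]$")),
    ("not_found",
     re.compile(r"^(?:Registry (?:key|value) |File(?:\\Folder)? )?(?P<t>.+?) not found[.!]$")),
]


def classify(line):
    """Return (outcome, target) for one result line; unknown lines are 'other'."""
    for outcome, pattern in OUTCOMES:
        match = pattern.match(line)
        if match:
            return outcome, match.group("t")
    return "other", line


def parse_fix_log(text):
    """Turn a fix log (one result per line) into a list of Result tuples."""
    section, results = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1) or header.group(2)
            continue
        outcome, target = classify(line)
        results.append(Result(section, outcome, target))
    return results


def summarize(results):
    """Count results per outcome."""
    counts = {}
    for result in results:
        counts[result.outcome] = counts.get(result.outcome, 0) + 1
    return counts


def pending_reboot(results):
    """Targets whose move only completes at the next boot; re-check them afterwards."""
    return [r.target for r in results if r.outcome == "pending_reboot"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for name, count in sorted(summarize(parsed).items()):
        print(f"{name:15} {count}")
    for target in pending_reboot(parsed):
        print("re-check after reboot:", target)
```
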
21.07.2012, 23:46 | #4 |
/// Helper team | BKA Trojan - internet access no longer possible

Very good! How is the computer running? Switch the internet back on!

Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.

After that:

Step 2: Please download AdwCleaner to your desktop.
|
22.07.2012, 11:03 | #5 |
| BKA Trojan - internet access no longer possible

Morning, the computer is running great, no problems noticed so far. The Task Manager is wonderfully tidy; now I can actually identify (almost) all running processes. Updated Malwarebytes and ran it, same with AdwCleaner; here are the two logs:

Malwarebytes

Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ce :: CE-HOME [Administrator]

Schutz: Aktiviert

22.07.2012 10:17:20
mbam-log-2012-07-22 (10-17-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 499501
Laufzeit: 1 Stunde(n), 20 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles\07212012_235817\C_Users\Ce\AppData\Local\Temp\rool0_pk.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/22/2012 at 11:52:08 # Updated 20/07/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Ce - CE-HOME # Running from : C:\Users\Ce\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Ce\AppData\LocalLow\Conduit Folder Found : C:\Users\Ce\AppData\LocalLow\pdfforge Folder Found : C:\Users\Ce\AppData\LocalLow\Search Settings Folder Found : C:\Users\Ce\AppData\Roaming\kikin Folder Found : C:\Users\Ce\AppData\Roaming\pdfforge Folder Found : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\SweetIMToolbarData Folder Found : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\extensions\staged Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Program Files\kikin File Found : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\searchplugins\SweetIm.xml ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\pdfforge Key Found : HKCU\Software\AppDataLow\Software\Search Settings Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\pdfforge Key Found : HKCU\Software\Search Settings Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\SweetIm Key Found : HKLM\SOFTWARE\Application Updater Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\DT Soft Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Found : HKLM\SOFTWARE\Iminent Key Found : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} Key Found : HKLM\SOFTWARE\pdfforge Key Found : HKLM\SOFTWARE\Search Settings Key Found : HKLM\SOFTWARE\SweetIM Key Found : HKLM\SOFTWARE\Tarma Installer ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2} 
***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v13.0.1 (de) Profile name : default File : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\prefs.js Found : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2504091.CTID", "CT2504091"); Found : user_pref("CT2504091.CurrentServerDate", "4-2-2010"); Found : user_pref("CT2504091.DialogsAlignMode", "LTR"); Found : user_pref("CT2504091.EMailNotifierPollDate", "Thu Feb 04 2010 16:07:11 GMT+0100"); Found : user_pref("CT2504091.FeedLastCount129079840422964131", 0); Found : user_pref("CT2504091.FeedPollDate128891351169457132", "Thu Feb 04 2010 16:07:09 GMT+0100"); Found : user_pref("CT2504091.FeedPollDate129079840422964131", "Thu Feb 04 2010 16:07:09 GMT+0100"); Found : user_pref("CT2504091.FeedTTL128891351169457132", 40); Found : user_pref("CT2504091.FirstServerDate", "4-2-2010"); Found : user_pref("CT2504091.FirstTime", true); Found : user_pref("CT2504091.FirstTimeFF3", true); Found : user_pref("CT2504091.FixPageNotFoundErrors", true); Found : user_pref("CT2504091.GroupingServerCheckInterval", 1440); Found : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2504091.Initialize", true); Found : user_pref("CT2504091.InitializeCommonPrefs", true); Found : user_pref("CT2504091.InstalledDate", "Thu Feb 04 2010 16:07:09 GMT+0100"); Found : user_pref("CT2504091.IsGrouping", false); Found : user_pref("CT2504091.IsMulticommunity", false); Found : user_pref("CT2504091.IsOpenThankYouPage", false); Found : user_pref("CT2504091.IsOpenUninstallPage", false); Found : user_pref("CT2504091.LanguagePackLastCheckTime", "Thu Feb 04 2010 16:07:11 GMT+0100"); Found : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Found : user_pref("CT2504091.LastLogin_2.5.6.0", "Thu Feb 04 2010 16:07:09 GMT+0100"); Found : user_pref("CT2504091.LatestVersion", "2.1.0.18"); Found : user_pref("CT2504091.Locale", "en-us"); Found : user_pref("CT2504091.LoginCache", 4); Found : user_pref("CT2504091.MCDetectTooltipHeight", "83"); Found : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2504091.MCDetectTooltipWidth", "295"); Found : user_pref("CT2504091.SHRINK_TOOLBAR", 1); Found : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Found : user_pref("CT2504091.SearchFromAddressBarIsInit", true); Found : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...] Found : user_pref("CT2504091.SearchInNewTabEnabled", true); Found : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Thu Feb 04 2010 16:07:09 GMT+0100"); Found : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...] Found : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2504091.SettingsCheckIntervalMin", 120); Found : user_pref("CT2504091.SettingsLastCheckTime", "Thu Feb 04 2010 16:07:08 GMT+0100"); Found : user_pref("CT2504091.SettingsLastUpdate", "1264532448"); Found : user_pref("CT2504091.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Thu Feb 04 2010 16:07:08 GMT+0100"); Found : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1264532448"); Found : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] 
Found : user_pref("CT2504091.UserID", "UN74707214767359199"); Found : user_pref("CT2504091.alertChannelId", "897164"); Found : user_pref("CT2504091.clientLogIsEnabled", false); Found : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Found : user_pref("CT2504091.myStuffEnabled", true); Found : user_pref("CT2504091.myStuffPublihserMinWidth", 400); Found : user_pref("CT2504091.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...] Found : user_pref("CT2504091.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT2504091"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091"); ************************* AdwCleaner[R1].txt - [8984 octets] - [22/07/2012 11:52:08] ########## EOF - C:\AdwCleaner[R1].txt - [9112 octets] ########## |
22.07.2012, 17:55 | #6 |
/// Helper team | Very good!
Next: malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Use "Jetzt Updaten" to download the current signatures.
Select the freeware mode ("Freeware-Modus").
Select "Detail Scan" and start the scan of the computer with the "Scan" button.
At the end of the scan, do not have anything deleted!
Click "Bericht speichern" to save the log file to the desktop and post it here in the thread.
Instructions: http://www.trojaner-board.de/103809-...i-malware.html
22.07.2012, 20:34 | #7 |
| On to the next round ^^ Everything done. Emsisoft is still open; nothing has been moved to quarantine so far. adwcleaner Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/22/2012 at 19:32:43 # Updated 20/07/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Ce - CE-HOME # Running from : C:\Users\Ce\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Ce\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Ce\AppData\LocalLow\pdfforge Folder Deleted : C:\Users\Ce\AppData\LocalLow\Search Settings Folder Deleted : C:\Users\Ce\AppData\Roaming\kikin Folder Deleted : C:\Users\Ce\AppData\Roaming\pdfforge Folder Deleted : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\SweetIMToolbarData Folder Deleted : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\extensions\staged Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Program Files\kikin File Deleted : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\searchplugins\SweetIm.xml ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\pdfforge Key Deleted : HKCU\Software\Search Settings Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\SweetIm Key Deleted : HKLM\SOFTWARE\Application Updater Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\DT Soft Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKLM\SOFTWARE\Iminent Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} Key Deleted : HKLM\SOFTWARE\pdfforge Key Deleted : HKLM\SOFTWARE\Search Settings Key Deleted : HKLM\SOFTWARE\SweetIM Key Deleted : HKLM\SOFTWARE\Tarma Installer ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v13.0.1 (de) Profile name : default File : C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\prefs.js C:\Users\Ce\AppData\Roaming\Mozilla\Firefox\Profiles\rebk78j5.default\user.js ... Deleted ! Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2504091.CTID", "CT2504091"); Deleted : user_pref("CT2504091.CurrentServerDate", "4-2-2010"); Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Thu Feb 04 2010 16:07:11 GMT+0100"); Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 0); Deleted : user_pref("CT2504091.FeedPollDate128891351169457132", "Thu Feb 04 2010 16:07:09 GMT+0100"); Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Thu Feb 04 2010 16:07:09 GMT+0100"); Deleted : user_pref("CT2504091.FeedTTL128891351169457132", 40); Deleted : user_pref("CT2504091.FirstServerDate", "4-2-2010"); Deleted : user_pref("CT2504091.FirstTime", true); Deleted : user_pref("CT2504091.FirstTimeFF3", true); Deleted : user_pref("CT2504091.FixPageNotFoundErrors", true); Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2504091.Initialize", true); Deleted : user_pref("CT2504091.InitializeCommonPrefs", true); Deleted : user_pref("CT2504091.InstalledDate", "Thu Feb 04 2010 16:07:09 GMT+0100"); Deleted : user_pref("CT2504091.IsGrouping", false); Deleted : user_pref("CT2504091.IsMulticommunity", false); Deleted : user_pref("CT2504091.IsOpenThankYouPage", false); Deleted : user_pref("CT2504091.IsOpenUninstallPage", false); Deleted : 
user_pref("CT2504091.LanguagePackLastCheckTime", "Thu Feb 04 2010 16:07:11 GMT+0100"); Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2504091.LastLogin_2.5.6.0", "Thu Feb 04 2010 16:07:09 GMT+0100"); Deleted : user_pref("CT2504091.LatestVersion", "2.1.0.18"); Deleted : user_pref("CT2504091.Locale", "en-us"); Deleted : user_pref("CT2504091.LoginCache", 4); Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2504091.SHRINK_TOOLBAR", 1); Deleted : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...] Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true); Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Thu Feb 04 2010 16:07:09 GMT+0100"); Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...] Deleted : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Deleted : user_pref("CT2504091.SettingsCheckIntervalMin", 120); Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Thu Feb 04 2010 16:07:08 GMT+0100"); Deleted : user_pref("CT2504091.SettingsLastUpdate", "1264532448"); Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Thu Feb 04 2010 16:07:08 GMT+0100"); Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1264532448"); Deleted : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Deleted : user_pref("CT2504091.UserID", "UN74707214767359199"); Deleted : user_pref("CT2504091.alertChannelId", "897164"); Deleted : user_pref("CT2504091.clientLogIsEnabled", false); Deleted : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Deleted : user_pref("CT2504091.myStuffEnabled", true); Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...] Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091"); ************************* AdwCleaner[R1].txt - [9113 octets] - [22/07/2012 11:52:08] AdwCleaner[S1].txt - [9367 octets] - [22/07/2012 19:32:43] ########## EOF - C:\AdwCleaner[S1].txt - [9495 octets] ########## Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 22.07.2012 19:56:23
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 22.07.2012 19:57:52
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\Windows\System32\LckFldService.exe gefunden: Riskware.RiskTool.Win32.LockFolder.a!E1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2f488edc-6496c9af -> ClassPol.class gefunden: Exploit.Java.CVE-2010-0094!E2
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2f488edc-6496c9af -> Cload.class gefunden: JAVA.Agent!E2
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
Gescannt 733611
Gefunden 9
Scan Ende: 22.07.2012 21:17:26
Scan Zeit: 1:19:34 |
22.07.2012, 20:56 | #8 |
/// Helper team | Very good! Have the detections deleted, then:
Uninstall: Emsisoft Anti-Malware
ESET Online Scanner
Preparation
23.07.2012, 11:15 | #9 |
| Hi there, it took a little while, but now I'm ready again. Everything carried out. ESET Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b34501592902994a9910a958475334b4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 09:50:21
# local_time=2012-07-23 11:50:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 48020905 48020905 0 0
# compatibility_mode=5893 16776573 100 94 258378 94660341 0 0
# compatibility_mode=8192 67108863 100 0 245 245 0 0
# scanned=260970
# found=9
# cleaned=9
# scan_time=7874
C:\Windows\Installer\37a563.msi a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07212012_235817\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C |
23.07.2012, 17:50 | #10 |
/// Helper team | TDSSKiller from Kaspersky - Download TDSSKiller and extract the archive to your desktop. More detailed TDSSKiller instructions can be found here. |
23.07.2012, 19:11 | #11 |
| Hmm, the program behaved differently than described. The following actions did not take place:
- After finishing its work, the tool suggests restarting the system.
- Confirm this with Y(es) if applicable.
- When the system boots, the driver carries out all scheduled operations and then deletes itself.
To be on the safe side, I restarted the machine myself. Here is the log file as well: Code:
ATTFilter 19:51:08.0669 4060 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30 19:51:08.0918 4060 ============================================================ 19:51:08.0918 4060 Current date / time: 2012/07/23 19:51:08.0918 19:51:08.0918 4060 SystemInfo: 19:51:08.0918 4060 19:51:08.0918 4060 OS Version: 6.1.7601 ServicePack: 1.0 19:51:08.0918 4060 Product type: Workstation 19:51:08.0918 4060 ComputerName: CE-HOME 19:51:08.0918 4060 UserName: Ce 19:51:08.0918 4060 Windows directory: C:\Windows 19:51:08.0919 4060 System windows directory: C:\Windows 19:51:08.0919 4060 Processor architecture: Intel x86 19:51:08.0919 4060 Number of processors: 2 19:51:08.0919 4060 Page size: 0x1000 19:51:08.0919 4060 Boot type: Normal boot 19:51:08.0919 4060 ============================================================ 19:51:09.0865 4060 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 19:51:09.0908 4060 ============================================================ 19:51:09.0908 4060 \Device\Harddisk0\DR0: 19:51:09.0908 4060 MBR partitions: 19:51:09.0908 4060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542DAB0 19:51:09.0908 4060 ============================================================ 19:51:09.0950 4060 C: <-> \Device\Harddisk0\DR0\Partition0 19:51:09.0950 4060 ============================================================ 19:51:09.0950 4060 Initialize success 19:51:09.0950 4060 ============================================================ 19:51:31.0547 2600 ============================================================ 19:51:31.0547 2600 Scan started 19:51:31.0547 2600 Mode: Manual; 19:51:31.0547 2600 ============================================================ 19:51:32.0043 2600 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 19:51:32.0046 2600 1394ohci - ok 19:51:32.0142 2600 acedrv11 
(e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys 19:51:32.0152 2600 acedrv11 - ok 19:51:32.0183 2600 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 19:51:32.0190 2600 ACPI - ok 19:51:32.0214 2600 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 19:51:32.0215 2600 AcpiPmi - ok 19:51:32.0308 2600 Adobe LM Service (f84c9dee4698df3c1d76801b7b1b55d7) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 19:51:32.0311 2600 Adobe LM Service - ok 19:51:32.0421 2600 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 19:51:32.0423 2600 AdobeARMservice - ok 19:51:32.0526 2600 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 19:51:32.0529 2600 AdobeFlashPlayerUpdateSvc - ok 19:51:32.0592 2600 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 19:51:32.0600 2600 adp94xx - ok 19:51:32.0622 2600 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 19:51:32.0628 2600 adpahci - ok 19:51:32.0666 2600 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 19:51:32.0678 2600 adpu320 - ok 19:51:32.0700 2600 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 19:51:32.0702 2600 AeLookupSvc - ok 19:51:32.0770 2600 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 19:51:32.0780 2600 AFD - ok 19:51:32.0811 2600 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 19:51:32.0813 2600 agp440 - ok 19:51:32.0859 2600 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 19:51:32.0860 2600 aic78xx - ok 19:51:33.0213 2600 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll 19:51:33.0214 2600 Suspicious file 
(Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22 19:51:33.0225 2600 Akamai ( HiddenFile.Multi.Generic ) - warning 19:51:33.0225 2600 Akamai - detected HiddenFile.Multi.Generic (1) 19:51:33.0379 2600 akshasp (64fc197d24a2b240598f29ce0a6660c0) C:\Windows\system32\DRIVERS\akshasp.sys 19:51:33.0389 2600 akshasp - ok 19:51:33.0451 2600 aksusb (cce6c56f18d214de8d66f3f2a774cd5b) C:\Windows\system32\DRIVERS\aksusb.sys 19:51:33.0452 2600 aksusb - ok 19:51:33.0506 2600 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 19:51:33.0507 2600 ALG - ok 19:51:33.0561 2600 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 19:51:33.0563 2600 aliide - ok 19:51:33.0589 2600 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 19:51:33.0591 2600 amdagp - ok 19:51:33.0611 2600 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 19:51:33.0612 2600 amdide - ok 19:51:33.0647 2600 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 19:51:33.0648 2600 AmdK8 - ok 19:51:33.0661 2600 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 19:51:33.0662 2600 AmdPPM - ok 19:51:33.0701 2600 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys 19:51:33.0703 2600 amdsata - ok 19:51:33.0747 2600 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 19:51:33.0758 2600 amdsbs - ok 19:51:33.0778 2600 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys 19:51:33.0780 2600 amdxata - ok 19:51:33.0833 2600 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 19:51:33.0835 2600 AppID - ok 19:51:33.0885 2600 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 19:51:33.0886 2600 AppIDSvc - ok 19:51:33.0933 2600 Appinfo (fb1959012294d6ad43e5304df65e3c26) 
C:\Windows\System32\appinfo.dll 19:51:33.0935 2600 Appinfo - ok 19:51:33.0977 2600 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 19:51:33.0979 2600 arc - ok 19:51:34.0017 2600 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 19:51:34.0019 2600 arcsas - ok 19:51:34.0116 2600 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 19:51:34.0118 2600 aspnet_state - ok 19:51:34.0160 2600 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\Windows\system32\drivers\aswFsBlk.sys 19:51:34.0161 2600 aswFsBlk - ok 19:51:34.0211 2600 aswMonFlt (a48d8015af2a0d8b4937613ffbfd28de) C:\Windows\system32\drivers\aswMonFlt.sys 19:51:34.0213 2600 aswMonFlt - ok 19:51:34.0278 2600 aswRdr (4a951beba9e49410cde478b6f6abb252) C:\Windows\System32\Drivers\aswrdr2.sys 19:51:34.0279 2600 aswRdr - ok 19:51:34.0373 2600 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\Windows\system32\drivers\aswSnx.sys 19:51:34.0384 2600 aswSnx - ok 19:51:34.0446 2600 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\Windows\system32\drivers\aswSP.sys 19:51:34.0468 2600 aswSP - ok 19:51:34.0501 2600 aswTdi (7109a9aa551f37cd168c02368465957e) C:\Windows\system32\drivers\aswTdi.sys 19:51:34.0503 2600 aswTdi - ok 19:51:34.0541 2600 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 19:51:34.0542 2600 AsyncMac - ok 19:51:34.0587 2600 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 19:51:34.0611 2600 atapi - ok 19:51:34.0702 2600 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys 19:51:34.0724 2600 athr - ok 19:51:34.0812 2600 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 19:51:34.0816 2600 AudioEndpointBuilder - ok 19:51:34.0824 2600 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 19:51:34.0827 2600 Audiosrv - ok 19:51:34.0955 2600 Autodesk Licensing 
Service (ea2d28bbe98256654397cd1f6eaebdd8) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe 19:51:34.0961 2600 Autodesk Licensing Service - ok 19:51:35.0029 2600 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 19:51:35.0030 2600 avast! Antivirus - ok 19:51:35.0093 2600 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll 19:51:35.0098 2600 AxInstSV - ok 19:51:35.0159 2600 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 19:51:35.0170 2600 b06bdrv - ok 19:51:35.0214 2600 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 19:51:35.0222 2600 b57nd60x - ok 19:51:35.0281 2600 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 19:51:35.0283 2600 BDESVC - ok 19:51:35.0298 2600 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 19:51:35.0301 2600 Beep - ok 19:51:35.0375 2600 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll 19:51:35.0380 2600 BFE - ok 19:51:35.0453 2600 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll 19:51:35.0525 2600 BITS - ok 19:51:35.0553 2600 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 19:51:35.0555 2600 blbdrive - ok 19:51:35.0586 2600 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 19:51:35.0587 2600 bowser - ok 19:51:35.0624 2600 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:51:35.0625 2600 BrFiltLo - ok 19:51:35.0646 2600 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:51:35.0647 2600 BrFiltUp - ok 19:51:35.0703 2600 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll 19:51:35.0705 2600 Browser - ok 19:51:35.0739 2600 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 19:51:35.0747 2600 
Brserid - ok 19:51:35.0772 2600 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 19:51:35.0774 2600 BrSerWdm - ok 19:51:35.0800 2600 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 19:51:35.0801 2600 BrUsbMdm - ok 19:51:35.0811 2600 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 19:51:35.0812 2600 BrUsbSer - ok 19:51:35.0920 2600 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe 19:51:35.0928 2600 BrYNSvc - ok 19:51:35.0948 2600 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 19:51:35.0949 2600 BTHMODEM - ok 19:51:35.0986 2600 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 19:51:35.0988 2600 bthserv - ok 19:51:36.0033 2600 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 19:51:36.0035 2600 cdfs - ok 19:51:36.0083 2600 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys 19:51:36.0088 2600 cdrom - ok 19:51:36.0145 2600 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 19:51:36.0147 2600 CertPropSvc - ok 19:51:36.0172 2600 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 19:51:36.0173 2600 circlass - ok 19:51:36.0211 2600 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 19:51:36.0215 2600 CLFS - ok 19:51:36.0286 2600 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:51:36.0288 2600 clr_optimization_v2.0.50727_32 - ok 19:51:36.0411 2600 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:51:36.0449 2600 clr_optimization_v4.0.30319_32 - ok 19:51:36.0480 2600 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 19:51:36.0481 2600 CmBatt - ok 
C:\Windows\system32\wbengine.exe 19:51:54.0009 2600 wbengine - ok 19:51:54.0044 2600 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 19:51:54.0056 2600 WbioSrvc - ok 19:51:54.0121 2600 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 19:51:54.0137 2600 wcncsvc - ok 19:51:54.0149 2600 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 19:51:54.0157 2600 WcsPlugInService - ok 19:51:54.0206 2600 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 19:51:54.0208 2600 Wd - ok 19:51:54.0259 2600 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 19:51:54.0269 2600 Wdf01000 - ok 19:51:54.0281 2600 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 19:51:54.0286 2600 WdiServiceHost - ok 19:51:54.0296 2600 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 19:51:54.0300 2600 WdiSystemHost - ok 19:51:54.0359 2600 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 19:51:54.0365 2600 WebClient - ok 19:51:54.0411 2600 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 19:51:54.0416 2600 Wecsvc - ok 19:51:54.0429 2600 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 19:51:54.0434 2600 wercplsupport - ok 19:51:54.0461 2600 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 19:51:54.0466 2600 WerSvc - ok 19:51:54.0492 2600 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 19:51:54.0493 2600 WfpLwf - ok 19:51:54.0509 2600 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 19:51:54.0510 2600 WIMMount - ok 19:51:54.0599 2600 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 19:51:54.0612 2600 WinDefend - ok 19:51:54.0627 2600 WinHttpAutoProxySvc - ok 19:51:54.0696 2600 
Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 19:51:54.0706 2600 Winmgmt - ok 19:51:54.0806 2600 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 19:51:54.0819 2600 WinRM - ok 19:51:54.0903 2600 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 19:51:54.0905 2600 WinUsb - ok 19:51:54.0976 2600 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 19:51:54.0991 2600 Wlansvc - ok 19:51:55.0167 2600 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:51:55.0193 2600 wlidsvc - ok 19:51:55.0321 2600 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 19:51:55.0322 2600 WmiAcpi - ok 19:51:55.0378 2600 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 19:51:55.0390 2600 wmiApSrv - ok 19:51:55.0528 2600 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 19:51:55.0543 2600 WMPNetworkSvc - ok 19:51:55.0645 2600 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 19:51:55.0650 2600 WPCSvc - ok 19:51:55.0703 2600 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 19:51:55.0717 2600 WPDBusEnum - ok 19:51:55.0769 2600 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 19:51:55.0771 2600 ws2ifsl - ok 19:51:55.0790 2600 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 19:51:55.0805 2600 wscsvc - ok 19:51:55.0809 2600 WSearch - ok 19:51:55.0936 2600 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 19:51:55.0961 2600 wuauserv - ok 19:51:56.0092 2600 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 19:51:56.0095 2600 WudfPf - ok 19:51:56.0119 2600 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:51:56.0123 
2600 WUDFRd - ok 19:51:56.0179 2600 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 19:51:56.0194 2600 wudfsvc - ok 19:51:56.0222 2600 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 19:51:56.0257 2600 WwanSvc - ok 19:51:56.0307 2600 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 19:51:56.0310 2600 ZTEusbmdm6k - ok 19:51:56.0355 2600 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 19:51:56.0360 2600 ZTEusbnmea - ok 19:51:56.0383 2600 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 19:51:56.0387 2600 ZTEusbser6k - ok 19:51:56.0413 2600 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 19:51:56.0617 2600 \Device\Harddisk0\DR0 - ok 19:51:56.0621 2600 Boot (0x1200) (2a8eda088ad668107b05fd3cebacc0f4) \Device\Harddisk0\DR0\Partition0 19:51:56.0622 2600 \Device\Harddisk0\DR0\Partition0 - ok 19:51:56.0623 2600 ============================================================ 19:51:56.0623 2600 Scan finished 19:51:56.0623 2600 ============================================================ 19:51:56.0637 3860 Detected object count: 1 19:51:56.0637 3860 Actual detected object count: 1 19:53:46.0136 3860 c:\program files\common files\akamai/netsession_win_4f7fccd.dll - copied to quarantine 19:53:46.0137 3860 Akamai ( HiddenFile.Multi.Generic ) - User select action: Quarantine 19:56:04.0340 2096 Deinitialize success |
23.07.2012, 22:25 | #12 |
/// Helper Team | BKA Trojan - no internet access possible anymore Very good! Remove malware with Combofix. Download Combofix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the desktop, not anywhere else, that is important! Follow the detailed original instructions. Combofix currently runs on the following Windows versions:
Preparation and important notes
Do not use Combofix on your own initiative. If no corresponding infection is present, it can cripple the computer and/or cause lasting damage! |
24.07.2012, 10:15 | #13 |
| BKA Trojan - no internet access possible anymore Morning t'john, once again I ran everything. The IE desktop icon was not created and the default browser apparently was not changed either; otherwise everything went as you described. Combofix log file: Code:
ComboFix 12-07-25.02 - Ce 24.07.2012 10:41:19.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.1810 [GMT 2:00] ausgeführt von:: c:\users\Ce\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Ce\AppData\Roaming\Adobe\plugs c:\users\Ce\AppData\Roaming\Adobe\shed c:\windows\IsUn0407.exe c:\windows\system32\fldlckun.exe c:\windows\system32\msvcrt.1 c:\windows\unin0407.exe . Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt . Code:
ATTFilter Update for Microsoft Office 2007 (KB2508958) 1&1 Surf-Stick 1ClickDownload 7-Zip 9.20 Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe InDesign CS Adobe InDesign CS5 Adobe Photoshop CS Adobe Reader X (10.1.3) - Deutsch Adobe Shockwave Player 11.6 Akamai NetSession Interface Akamai NetSession Interface Service ArcGIS Desktop 10 ArcGIS Desktop 10 German Supplement ArcGIS Desktop 10 Tutorial Data AutoCAD 2000 - Deutsch AutoCAD 2009 - Deutsch Autodesk 123D Catch avast! Free Antivirus Battlefield Heroes Brother MFL-Pro Suite MFC-J410 CCleaner Curse Client D3DX10 DAEMON Tools Lite DivX-Setup eReg F1 2011 Farm Frenzy 3 - Madagascar 1.0.0.0 FileZilla Client 3.5.3 Free Video Converter V 3.1 FUSSBALL MANAGER 09 GIMP 2.6.11 Google Chrome Google Earth Google Update Helper Holdem Manager ICQ7.4 Inkscape 0.48.2 Java Auto Updater Java(TM) 6 Update 31 Java(TM) 7 Update 5 JavaFX 2.1.1 JDownloader KONICA MINOLTA magicolor2300W Logitech SetPoint 6.20 LuckyAcePoker.com MAGIX Web Designer 7 Premium MAGNETO-ARCH 1.00-00 Malwarebytes Anti-Malware Version 1.62.0.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft IntelliType Pro 8.2 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft 
Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Native Client Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft XML Parser und SDK Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mouse Recorder Pro 2.0.7.4 Mozilla Firefox 13.0.1 (x86 de) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB973685) Need for Speed™ SHIFT NVIDIA Display Control Panel NVIDIA Drivers NVIDIA Grafiktreiber 275.33 NVIDIA Install Application NVIDIA PhysX NVIDIA Systemsteuerung 275.33 NVIDIA Update 1.3.5 NVIDIA Update Components OpenAL PaperPort Image Printer Patrizier 4 PDF Settings CS5 PDFCreator pdfforge Toolbar v6.0 PokerStars PostgreSQL 8.4 ProtectDisc Driver, Version 11 PunkBuster Services PVSonyDll Rapture3D 2.4.9 Game Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader ScanSoft PaperPort 11 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET 
Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Skype™ 4.1 smartision ScreenCopy 2.3 StarMoney 3.0 S-Edition StarMoney 4.0 S-Edition Surfer 8 swMSM TeamSpeak 2 RC2 TeamSpeak 3 Client Thrustmaster Force Feedback Driver 
TmNationsForever Ulead PhotoImpact 8 SE Ultra Defragmenter Unity Web Player Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition UseNeXT VBA (2627.01) VBA (2701.01) VC80CRTRedist - 8.0.50727.4053 VLC media player 1.0.5 Winamp Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR Archivierer WinTopo Pro |
25.07.2012, 00:25 | #14 |
/// Helper Team | BKA Trojan - no internet possible anymore Very good! Update Java Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html |
25.07.2012, 10:01 | #15 |
| BKA Trojan - no internet possible anymore Morning, you night owl, Installed/deleted and changed the settings, that was really easy this time. What do I do with all the scanners (Malwarebytes/OTL/adwcleaner/TDSSKiller/Combofix) that are still sitting on my desktop? Our scanning has created quite a few folders and log files under C; can those go, or should they stay for now? |