Internetseite(Tesyxaltert.us) öffnet sich nach hochfahren automatisch, kann nichts machen.

whitejack88 · 11.01.2013, 00:00

Hallo liebe Helfer,

wenn ich mein PC starte, öffnet sich sofort der Internet Explorer und die Seite "Tesyxalter.us" öffnet sich im Vollbildmodus und ich kann nichts machen...
Habe die Logfiles vom defogger, OTL und GMER geposet, falls noch etwas erforderlich ist, bitte bescheid sagen, hatte noch nie mit solchen Problemen zu tun. Auf dem Rechner läuft Windows 7 Ultimate 32bit und avast FreeAntivirus.

Ich bedanke mich schonmal vielmals im Voraus.

defogger

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:37 on 10/01/2013 (Heiko)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL

Zitat:

뿃뻃OTL logfile created on: 10.01.2013 17:41:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heiko\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 82,72% Memory free
3,98 Gb Paging File | 3,67 Gb Available in Paging File | 92,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 13,79 Gb Free Space | 23,53% Space Free | Partition Type: NTFS
Drive D: | 239,49 Gb Total Space | 213,37 Gb Free Space | 89,09% Space Free | Partition Type: NTFS

Computer Name: HEIKO-PC | User Name: Heiko | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.10 17:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heiko\Desktop\OTL.exe
PRC - [2010.03.09 11:49:11 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.01 02:59:04 | 000,099,840 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files\WM-Kat_Technik\pgsql\bin\pg_ctl.exe -- (WorkshopDbService)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Stopped] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2010.03.18 21:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- C:\Windows\System32\Crypserv.exe -- (CrypKey License)
SRV - [2010.03.09 11:45:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2012.07.16 16:36:06 | 000,083,872 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.07.16 16:36:06 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.03.19 00:11:11 | 000,023,360 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 C7 DA 4B CB 1A CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{22473430-1697-47DD-AE17-17314EC6A8F9}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{41964964-29F5-482C-B773-2A0BD86439AC}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5CE1414F-3909-447B-8DC8-8B7E0A1066F8}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{625E3914-FC82-44D7-8037-AABBE55C959B}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Heiko\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Heiko\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Heiko\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Heiko\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Heiko\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [SedServer] C:\Program Files\WM-Kat_Technik\Sed.exe ()
O4 - HKLM..\Run: [WEB.DE MailCheck Broker] C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKCU..\Run: [sv뇃栀쌀®st] C:\Users\Heiko\4068654.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D328F53D-6755-43C6-8CB3-A2C008BF3783}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{667ece8c-d024-11e1-9089-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{667ece8c-d024-11e1-9089-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autoDS.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.10 17:36:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Heiko\Desktop\OTL.exe
[2013.01.10 08:21:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.01 12:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WM-KAT ATRis

========== Files - Modified Within 30 Days ==========

[2013.01.10 17:37:16 | 000,000,000 | ---- | M] () -- C:\Users\Heiko\defogger_reenable
[2013.01.10 17:37:03 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.10 17:37:03 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 17:37:03 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.10 17:37:03 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.10 17:33:14 | 000,365,568 | ---- | M] () -- C:\Users\Heiko\Desktop\gmer-2.0.18444.exe
[2013.01.10 17:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heiko\Desktop\OTL.exe
[2013.01.10 17:31:26 | 000,050,477 | ---- | M] () -- C:\Users\Heiko\Desktop\Defogger.exe
[2013.01.10 17:14:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.10 17:14:31 | 1602,347,008 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 17:01:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.10 16:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4138367750-3481807868-3657384447-1001UA.job
[2013.01.10 13:31:54 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.10 08:24:24 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 08:24:24 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 14:50:08 | 000,029,184 | RHS- | M] () -- C:\Users\Heiko\4068654.exe
[2013.01.04 07:51:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4138367750-3481807868-3657384447-1001Core.job
[2013.01.01 12:52:35 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\WM-Kat_Technik.lnk
[2013.01.01 12:40:48 | 000,000,575 | ---- | M] () -- C:\Windows\setup.iss
[2013.01.01 12:13:17 | 000,001,562 | ---- | M] () -- C:\Users\Public\Desktop\WM-KAT ATRis.lnk
[2013.01.01 12:13:16 | 000,000,339 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.01.01 12:13:16 | 000,000,295 | ---- | M] () -- C:\Windows\Atris_WM.INI
[2012.12.12 13:53:28 | 000,002,487 | ---- | M] () -- C:\Users\Heiko\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013.01.10 17:37:16 | 000,000,000 | ---- | C] () -- C:\Users\Heiko\defogger_reenable
[2013.01.10 17:36:07 | 000,365,568 | ---- | C] () -- C:\Users\Heiko\Desktop\gmer-2.0.18444.exe
[2013.01.10 17:36:07 | 000,050,477 | ---- | C] () -- C:\Users\Heiko\Desktop\Defogger.exe
[2013.01.08 14:50:08 | 000,029,184 | RHS- | C] () -- C:\Users\Heiko\4068654.exe
[2013.01.01 12:13:17 | 000,001,562 | ---- | C] () -- C:\Users\Public\Desktop\WM-KAT ATRis.lnk
[2013.01.01 12:13:16 | 000,000,295 | ---- | C] () -- C:\Windows\Atris_WM.INI
[2012.07.16 16:36:06 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.07.16 16:36:06 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.01.08 11:55:05 | 000,000,087 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012.01.08 11:54:56 | 000,023,360 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012.01.08 11:54:56 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011.05.25 15:16:25 | 000,003,072 | ---- | C] () -- C:\Windows\System32\CNCFLbNL.DLL
[2011.05.25 13:25:50 | 000,000,339 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.25 13:25:50 | 000,000,200 | ---- | C] () -- C:\Windows\ODBCINST.INI

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.08.11 14:52:26 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.08.21 12:35:27 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\1&1 Mail & Media GmbH
[2011.06.14 13:55:51 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\DVSE GmbH

========== Purity Check ==========

< End of report >

OTL Extras

Zitat:

뿃뻃OTL Extras logfile created on: 10.01.2013 17:41:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heiko\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 82,72% Memory free
3,98 Gb Paging File | 3,67 Gb Available in Paging File | 92,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 13,79 Gb Free Space | 23,53% Space Free | Partition Type: NTFS
Drive D: | 239,49 Gb Total Space | 213,37 Gb Free Space | 89,09% Space Free | Partition Type: NTFS

Computer Name: HEIKO-PC | User Name: Heiko | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B6203F-B66E-4193-A1E6-1B015C0DDA58}" = lport=138 | protocol=17 | dir=in | app=system |
"{2608C9D6-1B22-4ED3-BCA7-9C08EBB513AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{306D028F-A0D1-437D-A58E-834823424D27}" = lport=2869 | protocol=6 | dir=in | app=system |
"{438BAC40-A474-4B65-9C4E-451F189AD100}" = lport=137 | protocol=17 | dir=in | app=system |
"{4FC854C8-3A9B-44FC-8860-3942ACD7BEB1}" = rport=139 | protocol=6 | dir=out | app=system |
"{55A46C08-4855-4BB4-A814-98C9070721DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61413241-9148-4DC7-9886-0AA89F3ED720}" = rport=445 | protocol=6 | dir=out | app=system |
"{656CF75B-C164-49A6-8308-4E400B6DD87F}" = rport=137 | protocol=17 | dir=out | app=system |
"{6CE26F5E-A48B-4E1C-815F-4BFCB0EA83A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6EB89953-716D-4959-9223-4C09727D9204}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{739D2700-0F58-4164-8363-42D7814B90FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74B354F5-480C-4113-AEE8-084FB1E96B3F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{777CA6F3-68B9-4C87-A249-F01618BD9911}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8077D51B-16E5-4CF8-9EBA-53A69407B8C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8510AD99-9066-4E85-944C-B7C367439594}" = lport=139 | protocol=6 | dir=in | app=system |
"{915BC8E5-6C71-405F-ACBF-0DB76ABA5B06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9F826D36-F8F2-416D-AA86-822F2E517625}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B5991978-28EF-4CBD-82CD-D9B1127D3A0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC5B70BE-804C-4E06-A385-ABBACF5DDDEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF434906-616D-427E-A3D9-A5513E4B380F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D7C1A47A-3F53-4208-95F1-B487C5C6F10C}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF317069-5D1C-4B35-8D35-6C7C1E8E8E1C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E82E8FBC-5AB5-4CE6-AA90-D74A0C928055}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A84803F-9B02-430D-8042-8A0EAFD4A70E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E3E207B-C367-4811-B440-0AB85C44E1BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{17C56511-1CCC-485E-8DA8-38753DC28ACB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{19D3149B-F57E-4E8A-B583-E6768275034C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2CD4C3CA-6A2F-41B1-9625-EAD3A340BAEB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{32800DA2-2843-48E9-82C1-12B1D4D96BA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4215F915-B1C5-43C2-9EE8-645636B516FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C42A1A1-2BD2-490E-A036-59DB49E096A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4CF2E2A3-5C03-4704-B036-22696C328F30}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{530B86AF-4C54-42EB-B986-6AE072640768}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0\app\starmoney.exe |
"{6050BAE1-8D94-4BC1-9B4E-4F73C79E44F7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7679D146-75D7-468F-A62C-6BDE435191FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80BAFAB2-4066-4125-90BE-806399B15D03}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{80BF74CF-74CC-45AB-8CD0-506774739041}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81A10485-411E-49D4-92E7-7EB0AE35CE59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEABA9A0-E40F-4021-85C4-4CC9D3680C01}" = protocol=6 | dir=out | app=system |
"{C21537D3-D5A9-4A9E-9B09-820181A907A7}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0\app\starmoney.exe |
"{CFDF638B-CAD7-4300-85E2-968A196E5B31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E18F5D4B-388E-405D-82F3-DC2152091889}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3B1C533-36AA-4C75-9E28-AB84953BB686}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{112699A6-EDCE-451F-89F3-3A5978A98D04}C:\atris_wm\katcd\atris_wm.exe" = protocol=6 | dir=in | app=c:\atris_wm\katcd\atris_wm.exe |
"TCP Query User{33087FEB-9870-4AAE-B5F6-BA8D7D010474}C:\users\heiko\appdata\local\programs\andi 2012\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\heiko\appdata\local\programs\andi 2012\jre6\bin\javaw.exe |
"TCP Query User{FB76DC6B-6FAF-44EE-AC23-8302D9A768C0}C:\program files\wm-kat_technik\sed.exe" = protocol=6 | dir=in | app=c:\program files\wm-kat_technik\sed.exe |
"UDP Query User{5239040B-C73A-4514-8221-8A3E06AAA88E}C:\users\heiko\appdata\local\programs\andi 2012\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\heiko\appdata\local\programs\andi 2012\jre6\bin\javaw.exe |
"UDP Query User{70A37E4C-7B73-433A-88B6-83474CA18684}C:\program files\wm-kat_technik\sed.exe" = protocol=17 | dir=in | app=c:\program files\wm-kat_technik\sed.exe |
"UDP Query User{F63A1C2F-2322-4E1F-B656-8B1E719A8565}C:\atris_wm\katcd\atris_wm.exe" = protocol=17 | dir=in | app=c:\atris_wm\katcd\atris_wm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C919D4-4993-482C-ABC6-781962BB3618}" = ANDI 2011
"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3B850B40-DFD6-4E75-AD94-4E7AF66C544A}" = Bestellsystem
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E95F911-B344-48FB-8E5E-1CED78E0FBDE}" = ATRis Wessels+M볃氀氀攀爀 ⠀　㄀⼀㈀　㄀㌀⤀ഀ਀∀笀㔀㈀㄀㘀㜀䈀　䌀ⴀ䘀䈀㔀䐀ⴀ㐀㌀䔀㜀ⴀ䈀䔀䌀㔀ⴀ㈀㐀䔀䔀㘀䈀䔀䔀㈀䈀䄀　紀∀ 㴀䐀嘀匀䔀唀瀀搀愀琀攀爀ഀ਀∀笀㘀㄀㌀　㌀　㄀　ⴀ㈀㈀㠀䐀ⴀ㐀㔀䐀䌀ⴀ䄀㌀　䄀ⴀ㜀䔀䘀䘀䘀㐀㌀䄀䈀㔀㠀㐀紀∀ 㴀匀琀愀爀䴀漀渀攀礀㜀⸀　 ഀ਀∀笀㘀㌀䈀㤀㈀㈀㐀䄀ⴀ㠀㤀䌀㤀ⴀ㐀㐀䔀㘀ⴀ㠀㈀㔀㈀ⴀ㔀䘀㈀䘀㜀㌀䄀㜀㄀䌀㔀㐀紀∀ 㴀匀琀愀爀䴀漀渀攀礀ഀ਀∀笀㜀㄀㐀㠀䘀　䄀㠀ⴀ㘀㠀㄀㌀ⴀ㄀㄀䐀㘀ⴀ䄀㜀㜀䈀ⴀ　　䈀　䐀　㄀㐀㈀　　　紀∀ 㴀䨀愀瘀愀㈀刀甀渀琀椀洀攀䔀渀瘀椀爀漀渀洀攀渀琀Ⰰ 匀䔀瘀㄀⸀㐀⸀㈀ഀ਀∀笀㜀㄀㘀䔀　㌀　㘀ⴀ㠀㌀㄀㠀ⴀ㐀㌀㘀㐀ⴀ㠀䈀㠀䘀ⴀ　䌀䌀㐀䔀㤀㌀㜀㘀䈀䄀䌀紀∀ 㴀䴀匀堀䴀䰀㐀⸀　匀倀㈀倀愀爀猀攀爀甀渀搀匀䐀䬀ഀ਀∀笀㜀㔀㤀㠀䔀㌀䐀㠀ⴀ㐀㠀䐀䔀ⴀ㐀䌀㜀䈀ⴀ㤀䔀㠀䔀ⴀ㤀㐀㔀䈀㘀䄀䐀䈀　㜀㄀䄀紀∀ 㴀䄀一䐀䤀㈀　㄀㈀ഀ਀∀笀㠀㜀㤀䌀㔀㈀䄀㈀ⴀ䘀䘀㤀䄀ⴀ㐀䌀䈀㔀ⴀ䈀䈀㜀㐀ⴀ䈀　䐀䄀㤀㤀㐀䄀䈀䈀㈀䄀紀∀ 㴀匀琀愀爀䴀漀渀攀礀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㄀㔀ⴀ　㐀　㜀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀䄀挀挀攀猀猀䴀唀䤀 ⠀䜀攀爀洀愀渀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㄀㘀ⴀ　㐀　㜀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀䔀砀挀攀氀䴀唀䤀 ⠀䜀攀爀洀愀渀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㄀㠀ⴀ　㐀　㜀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀倀漀眀攀爀倀漀椀渀琀䴀唀䤀 ⠀䜀攀爀洀愀渀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㄀㤀ⴀ　㐀　㜀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀倀甀戀氀椀猀栀攀爀䴀唀䤀 ⠀䜀攀爀洀愀渀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㄀䄀ⴀ　㐀　㜀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀伀甀琀氀漀漀欀䴀唀䤀 ⠀䜀攀爀洀愀渀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㄀䈀ⴀ　㐀　㜀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀圀漀爀搀䴀唀䤀 ⠀䜀攀爀洀愀渀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㄀䘀ⴀ　㐀　㜀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀倀爀漀漀昀 ⠀䜀攀爀洀愀渀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㄀䘀ⴀ　㐀　㤀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀倀爀漀漀昀 ⠀䔀渀最氀椀猀栀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㄀䘀ⴀ　㐀　䌀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀倀爀漀漀昀 ⠀䘀爀攀渀挀栀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㄀䘀ⴀ　㐀㄀　ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀倀爀漀漀昀 ⠀䤀琀愀氀椀愀渀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㈀䌀ⴀ　㐀　㜀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀倀爀漀漀昀椀渀最 ⠀䜀攀爀洀愀渀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㌀　ⴀ　　　　ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀䔀渀琀攀爀瀀爀椀猀攀㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㐀㐀ⴀ　㐀　㜀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀䤀渀昀漀倀愀琀栀䴀唀䤀 ⠀䜀攀爀洀愀渀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　㘀䔀ⴀ　㐀　㜀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀匀栀愀爀攀搀䴀唀䤀 ⠀䜀攀爀洀愀渀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　䄀㄀ⴀ　㐀　㜀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀伀渀攀一漀琀攀䴀唀䤀 ⠀䜀攀爀洀愀渀⤀ ㈀　　㜀ഀ਀∀笀㤀　㄀㈀　　　　ⴀ　　䈀䄀ⴀ　㐀　㜀ⴀ　　　　ⴀ　　　　　　　䘀䘀㄀䌀䔀紀∀ 㴀䴀椀挀爀漀猀漀昀琀伀昀昀椀挀攀䜀爀漀漀瘀攀䴀唀䤀 ⠀ 䜀攀爀洀愀渀⤀ ㈀　　㜀ഀ਀∀笀䄀㤀㈀䐀䄀䈀㌀㤀ⴀ㐀䔀㈀䌀ⴀ㐀㌀　㐀ⴀ㤀䄀䈀㘀ⴀ䈀䌀㐀㐀䔀㘀㠀䈀㔀㔀䔀㈀紀∀ 㴀䜀漀漀最氀攀唀瀀搀愀琀攀䠀攀氀瀀攀爀ഀ਀∀笀䄀䌀㜀㘀䈀䄀㠀㘀ⴀ㜀䄀䐀㜀ⴀ㄀　㌀㄀ⴀ㜀䈀㐀㐀ⴀ䄀䄀㄀　　　　　　　　㄀紀∀ 㴀䄀搀漀戀攀刀攀愀搀攀爀堀 ⠀㄀　⸀㄀⸀㔀⤀ ⴀ 䐀攀甀琀猀挀栀ഀ਀∀笀䔀㌀　㌀　㈀㌀䘀ⴀ䐀　䐀㈀ⴀ㐀㔀㜀䌀ⴀ㠀䄀䈀䈀ⴀ㘀㘀䐀㈀㐀㈀䐀䘀䐀䄀㤀㈀紀∀ 㴀䐀愀琀攀渀猀攀爀瘀椀挀攀ഀ਀∀㄀☀㄀䴀愀椀氀 ☀ 䴀攀搀椀愀䜀洀戀䠀㄀甀渀搀㄀匀漀昀琀眀愀爀攀愀欀琀甀愀氀椀猀椀攀爀甀渀最∀ 㴀圀䔀䈀⸀䐀䔀匀漀昀琀眀愀爀攀愀欀琀甀愀氀椀猀椀攀爀甀渀最ഀ਀∀ ㄀☀㄀䴀愀椀氀 ☀ 䴀攀搀椀愀䜀洀戀䠀吀漀漀氀戀愀爀䤀䔀㠀∀ 㴀圀䔀䈀⸀䐀䔀䴀愀椀氀䌀栀攀挀欀昀쌀¼r Internet Explorer
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"H&S Teilefinder SmartClient" = H&S Teilefinder SmartClient
"H+R Gutachten" = H+R Gutachten
"sv.net" = sv.net
"WM-Kat_Technik" = WM-Kat_Technik

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17.07.2012 12:41:10 | Computer Name = Heiko-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Setup.EXE_InstallShield (R), Version:
10.0.0.159, Zeitstempel: 0x4083592c Name des fehlerhaften Moduls: iuser.dll, Version:
10.0.0.159, Zeitstempel: 0x408357fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00010e45
ID
des fehlerhaften Prozesses: 0x450 Startzeit der fehlerhaften Anwendung: 0x01cd643af190b5c3
Pfad
der fehlerhaften Anwendung: C:\Users\Heiko\AppData\Local\Temp\DVSE_DVD\Setup.EXE
Pfad
des fehlerhaften Moduls: C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
Berichtskennung:
36342750-d02e-11e1-9089-00241d151f98

Error - 19.07.2012 13:14:39 | Computer Name = Heiko-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atris_wm.exe, Version: 1.0.0.1, Zeitstempel:
0x4fd9ba49 Name des fehlerhaften Moduls: SHW32.dll, Version: 4.0.1.0, Zeitstempel:
0x363f46f9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000249f ID des fehlerhaften Prozesses:
0x254 Startzeit der fehlerhaften Anwendung: 0x01cd657407e32939 Pfad der fehlerhaften
Anwendung: C:\ATRIS_WM\KatCd\atris_wm.exe Pfad des fehlerhaften Moduls: C:\ATRIS_WM\KatCd\SHW32.dll
Berichtskennung:
38672056-d1c5-11e1-8562-00241d151f98

Error - 27.07.2012 02:29:15 | Computer Name = Heiko-PC | Source = VSS | ID = 8194
Description =

Error - 28.08.2012 07:14:45 | Computer Name = Heiko-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atris_wm.exe, Version: 1.0.0.1, Zeitstempel:
0x4fd9ba49 Name des fehlerhaften Moduls: SHW32.dll, Version: 4.0.1.0, Zeitstempel:
0x363f46f9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001fc0 ID des fehlerhaften Prozesses:
0xdd8 Startzeit der fehlerhaften Anwendung: 0x01cd84e30367a589 Pfad der fehlerhaften
Anwendung: C:\ATRIS_WM\KatCd\atris_wm.exe Pfad des fehlerhaften Moduls: C:\ATRIS_WM\KatCd\SHW32.dll
Berichtskennung:
91e83372-f101-11e1-a3ec-00241d151f98

Error - 03.10.2012 04:52:03 | Computer Name = Heiko-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Setup.EXE_InstallShield (R), Version:
10.0.0.159, Zeitstempel: 0x4083592c Name des fehlerhaften Moduls: iuser.dll, Version:
10.0.0.159, Zeitstempel: 0x408357fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00010e45
ID
des fehlerhaften Prozesses: 0xe6c Startzeit der fehlerhaften Anwendung: 0x01cda14453321849
Pfad
der fehlerhaften Anwendung: C:\Users\Heiko\AppData\Local\Temp\DVSE_DVD\Setup.EXE
Pfad
des fehlerhaften Moduls: C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
Berichtskennung:
998462e9-0d37-11e2-a8a2-00241d151f98

Error - 03.10.2012 04:52:48 | Computer Name = Heiko-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Setup.EXE_InstallShield (R), Version:
10.0.0.159, Zeitstempel: 0x4083592c Name des fehlerhaften Moduls: iuser.dll, Version:
10.0.0.159, Zeitstempel: 0x408357fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00010e45
ID
des fehlerhaften Prozesses: 0x428 Startzeit der fehlerhaften Anwendung: 0x01cda1446fe1acbb
Pfad
der fehlerhaften Anwendung: C:\Users\Heiko\AppData\Local\Temp\DVSE_DVD\Setup.EXE
Pfad
des fehlerhaften Moduls: C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
Berichtskennung:
b4877fa8-0d37-11e2-a8a2-00241d151f98

Error - 26.11.2012 08:17:38 | Computer Name = Heiko-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
Windows ausgef볃栀爀琀眀攀爀搀攀渀甀渀搀眀甀爀搀攀戀攀攀渀搀攀琀⸀ 쌀œberpr볃昀攀渀匀椀攀搀攀渀倀爀漀戀氀攀洀瘀攀爀氀愀甀昀 ഀ਀椀渀搀攀爀圀愀爀琀甀渀最猀挀攀渀琀攀爀ⴀ匀礀猀琀攀洀猀琀攀甀攀爀甀渀最Ⰰ 甀洀渀愀挀栀眀攀椀琀攀爀攀渀䤀渀昀漀爀洀愀琀椀漀渀攀渀稀甀洀倀爀漀戀氀攀洀ഀ਀ 稀甀猀甀挀栀攀渀⸀ 倀爀漀稀攀猀猀ⴀ䤀䐀㨀昀㐀　匀琀愀爀琀稀攀椀琀㨀　㄀挀搀挀戀戀愀㠀㄀挀挀㈀㌀㘀㠀䔀渀搀稀攀椀琀㨀㐀㘀䄀渀眀攀渀搀甀渀最猀瀀昀愀搀㨀 ഀ਀䌀㨀尀倀爀漀最爀愀洀䘀椀氀攀猀尀䤀渀琀攀爀渀攀琀䔀砀瀀氀漀爀攀爀尀椀攀砀瀀氀漀爀攀⸀攀砀攀䈀攀爀椀挀栀琀猀ⴀ䤀䐀㨀㐀㄀搀㐀㔀愀㈀㈀ⴀ㌀㜀挀㌀ⴀ㄀㄀攀㈀ⴀ㠀㜀㜀愀ⴀ　　㈀㐀㄀搀㄀㔀㄀昀㤀㠀ഀ਀ഀ਀ ഀ਀䔀爀爀漀爀 ⴀ 　㄀⸀　㄀⸀㈀　㄀㌀　㘀㨀㔀㐀㨀㐀㘀簀䌀漀洀瀀甀琀攀爀一愀洀攀㴀䠀攀椀欀漀ⴀ倀䌀簀匀漀甀爀挀攀㴀䄀瀀瀀氀椀挀愀琀椀漀渀䔀爀爀漀爀簀䤀䐀㴀㄀　　　ഀ਀䐀攀猀挀爀椀瀀琀椀漀渀㴀一愀洀攀搀攀爀昀攀栀氀攀爀栀愀昀琀攀渀䄀渀眀攀渀搀甀渀最㨀匀攀琀甀瀀⸀䔀堀䔀开䤀渀猀琀愀氀氀匀栀椀攀氀搀 ⠀刀⤀Ⰰ 嘀攀爀猀椀漀渀㨀ഀ਀ ㄀　⸀　⸀　⸀㄀㔀㤀Ⰰ 娀攀椀琀猀琀攀洀瀀攀氀㨀　砀㐀　㠀㌀㔀㤀㈀挀一愀洀攀搀攀猀昀攀栀氀攀爀栀愀昀琀攀渀䴀漀搀甀氀猀㨀椀甀猀攀爀⸀搀氀氀Ⰰ 嘀攀爀猀椀漀渀㨀ഀ਀ ㄀　⸀　⸀　⸀㄀㔀㤀Ⰰ 娀攀椀琀猀琀攀洀瀀攀氀㨀　砀㐀　㠀㌀㔀㜀昀攀䄀甀猀渀愀栀洀攀挀漀搀攀㨀　砀挀　　　　　　㔀䘀攀栀氀攀爀漀昀昀猀攀琀㨀　砀　　　㄀　攀㐀㔀ഀ਀䤀䐀ഀ਀ 搀攀猀昀攀栀氀攀爀栀愀昀琀攀渀倀爀漀稀攀猀猀攀猀㨀　砀愀攀㐀匀琀愀爀琀稀攀椀琀搀攀爀昀攀栀氀攀爀栀愀昀琀攀渀䄀渀眀攀渀搀甀渀最㨀　砀　㄀挀搀攀㠀　攀㘀㔀愀戀挀㌀㠀㤀ഀ਀倀昀愀搀ഀ਀ 搀攀爀昀攀栀氀攀爀栀愀昀琀攀渀䄀渀眀攀渀搀甀渀最㨀䌀㨀尀唀猀攀爀猀尀䠀攀椀欀漀尀䄀瀀瀀䐀愀琀愀尀䰀漀挀愀氀尀吀攀洀瀀尀䐀嘀匀䔀开䐀嘀䐀尀匀攀琀甀瀀⸀䔀堀䔀ഀ਀倀昀愀搀ഀ਀ 搀攀猀昀攀栀氀攀爀栀愀昀琀攀渀䴀漀搀甀氀猀㨀䌀㨀尀倀爀漀最爀愀洀䘀椀氀攀猀尀䌀漀洀洀漀渀䘀椀氀攀猀尀䤀渀猀琀愀氀氀匀栀椀攀氀搀尀倀爀漀昀攀猀猀椀漀渀愀氀尀刀甀渀吀椀洀攀尀㄀　尀　　尀䤀渀琀攀氀㌀㈀尀椀甀猀攀爀⸀搀氀氀ഀ਀䈀攀爀椀挀栀琀猀欀攀渀渀甀渀最㨀ഀ ਀ 愀㜀㔀搀搀㤀㘀㌀ⴀ㔀㐀　㄀ⴀ㄀㄀攀㈀ⴀ㤀㤀愀㘀ⴀ　　㈀㐀㄀搀㄀㔀㄀昀㤀㠀ഀ਀ ഀ਀䔀爀爀漀爀 ⴀ 　㄀⸀　㄀⸀㈀　㄀㌀　㤀㨀㄀㈀㨀㔀　簀䌀漀洀瀀甀琀攀爀一愀洀攀㴀䠀攀椀欀漀ⴀ倀䌀簀匀漀甀爀挀攀㴀匀椀搀攀䈀礀匀椀搀攀簀䤀䐀㴀㄀㘀㠀㐀㈀㜀㠀㔀ഀ਀䐀攀猀挀爀椀瀀琀椀漀渀㴀䘀攀栀氀攀爀戀攀椀洀䜀攀渀攀爀椀攀爀攀渀搀攀猀䄀欀琀椀瘀椀攀爀甀渀最猀欀漀渀琀攀砀琀攀猀昀쌀¼r "c:\program files\wm-kat_technik\Updater\RunAsAdmin3.exe".
Die
abh꓃渀最椀最攀䄀猀猀攀洀戀氀椀攀爀甀渀最 ∀䴀椀挀爀漀猀漀昀琀⸀嘀䌀㤀　⸀䐀攀戀甀最䌀刀吀Ⰰ瀀爀漀挀攀猀猀漀爀䄀爀挀栀椀琀攀挀琀甀爀攀㴀∀砀㠀㘀∀Ⰰ瀀甀戀氀椀挀䬀攀礀吀漀欀攀渀㴀∀㄀昀挀㠀戀㌀戀㤀愀㄀攀㄀㠀攀㌀戀∀Ⰰ琀礀瀀攀㴀∀眀椀渀㌀㈀∀Ⰰ瘀攀爀猀椀漀渀㴀∀㤀⸀　⸀㈀㄀　㈀㈀⸀㠀∀∀ഀ਀ 欀漀渀渀琀攀渀椀挀栀琀最攀昀甀渀搀攀渀眀攀爀搀攀渀⸀ 嘀攀爀眀攀渀搀攀渀匀椀攀昀쌀¼r eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 10.01.2013 03:36:23 | Computer Name = Heiko-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes f볃爀 ∀挀㨀尀瀀爀漀最爀愀洀昀椀氀攀猀尀眀洀ⴀ欀愀琀开琀攀挀栀渀椀欀尀唀瀀搀愀琀攀爀尀刀甀渀䄀猀䄀搀洀椀渀㌀⸀攀砀攀∀⸀ഀ਀䐀椀攀ഀ਀ 愀戀栀쌀¤ngige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie f볃爀攀椀渀攀搀攀琀愀椀氀氀椀攀爀琀攀䐀椀愀最渀漀猀攀搀愀猀倀爀漀最爀愀洀洀ഀ਀ ∀猀砀猀琀爀愀挀攀⸀攀砀攀∀⸀ഀ਀ ഀ਀嬀匀礀猀琀攀洀䔀瘀攀渀琀猀崀ഀ਀䔀爀爀漀爀 ⴀ 　㔀⸀　㐀⸀㈀　㄀㈀　㤀㨀㄀㄀㨀㈀㘀簀䌀漀洀瀀甀琀攀爀一愀洀攀㴀䠀攀椀欀漀ⴀ倀䌀簀匀漀甀爀挀攀㴀匀挀栀愀渀渀攀氀簀䤀䐀㴀㌀㘀㠀㠀㜀ഀ਀䐀攀猀挀爀椀瀀琀椀漀渀㴀䔀猀眀甀爀搀攀攀椀渀攀猀挀栀眀攀爀眀椀攀最攀渀搀攀圀愀爀渀甀渀最攀洀瀀昀愀渀最攀渀㨀㈀　⸀ഀ਀ ഀ਀䔀爀爀漀爀 ⴀ 　㔀⸀　㐀⸀㈀　㄀㈀㄀㈀㨀㌀㔀㨀　㈀簀䌀漀洀瀀甀琀攀爀一愀洀攀㴀䠀攀椀欀漀ⴀ倀䌀簀匀漀甀爀挀攀㴀瘀漀氀猀渀愀瀀簀䤀䐀㴀㌀㤀㌀㈀㔀㈀ഀ਀䐀攀猀挀爀椀瀀琀椀漀渀㴀䐀椀攀匀挀栀愀琀琀攀渀欀漀瀀椀攀渀瘀漀渀嘀漀氀甀洀攀 ∀䌀㨀∀ 眀甀爀搀攀渀愀戀最攀戀爀漀挀栀攀渀Ⰰ 眀攀椀氀搀攀爀匀挀栀愀琀琀攀渀欀漀瀀椀攀猀瀀攀椀挀栀攀爀ഀ਀ 渀椀挀栀琀愀甀昀攀椀渀戀攀渀甀琀稀攀爀搀攀昀椀渀椀攀爀琀攀猀䰀椀洀椀琀瘀攀爀最爀쌀¶鿃攀爀琀眀攀爀搀攀渀欀漀渀渀琀攀⸀ഀ਀ ഀ਀䔀爀爀漀爀 ⴀ 　㔀⸀　㐀⸀㈀　㄀㈀㄀㌀㨀㄀　㨀㄀㐀簀䌀漀洀瀀甀琀攀爀一愀洀攀㴀䠀攀椀欀漀ⴀ倀䌀簀匀漀甀爀挀攀㴀挀搀爀漀洀簀䤀䐀㴀㈀㘀㈀㄀㔀㄀ഀ਀䐀攀猀挀爀椀瀀琀椀漀渀㴀䘀攀栀氀攀爀栀愀昀琀攀爀䈀氀漀挀欀戀攀椀䜀攀爀쌀¤t \Device\CdRom0.

Error - 05.04.2012 13:10:24 | Computer Name = Heiko-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Ger꓃琀尀䐀攀瘀椀挀攀尀䌀搀刀漀洀　⸀ഀ਀ ഀ਀䔀爀爀漀爀 ⴀ 　㔀⸀　㐀⸀㈀　㄀㈀㄀㌀㨀㄀　㨀㌀㔀簀䌀漀洀瀀甀琀攀爀一愀洀攀㴀䠀攀椀欀漀ⴀ倀䌀簀匀漀甀爀挀攀㴀挀搀爀漀洀簀䤀䐀㴀㈀㘀㈀㄀㔀㄀ഀ਀䐀攀猀挀爀椀瀀琀椀漀渀㴀䘀攀栀氀攀爀栀愀昀琀攀爀䈀氀漀挀欀戀攀椀䜀攀爀쌀¤t \Device\CdRom0.

Error - 06.04.2012 08:49:19 | Computer Name = Heiko-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 06.04.2012 08:49:26 | Computer Name = Heiko-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 06.04.2012 09:32:03 | Computer Name = Heiko-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

< End of report >

Gmer

Zitat:

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-10 17:53:45
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD322HJ rev.1AC01113 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Heiko\AppData\Local\Temp\ugloipoc.sys

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81C82599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81CA6F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- EOF - GMER 2.0 ----

markusg · 11.01.2013, 00:21

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [sv뇃栀쌀®st] C:\Users\Heiko\4068654.exe ()
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

whitejack88 · 11.01.2013, 17:41

Hallo markusg,

vielen dank das du dich meinem Problem so schnell angenommen hast.

wie erwünscht 2 Sachen:

Inhalt Textdokument OTL

Zitat:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\svchost not found.
C:\Users\Heiko\4068654.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Heiko
->Flash cache emptied: 49034 bytes

User: kees.SOEST

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Heiko
->Temp folder emptied: 270340770 bytes
->Temporary Internet Files folder emptied: 132124720 bytes
->Java cache emptied: 7760961 bytes
->Google Chrome cache emptied: 65669140 bytes
->Flash cache emptied: 0 bytes

User: kees.SOEST

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11444131 bytes
RecycleBin emptied: 801292 bytes

Total Files Cleaned = 466,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01112013_173220

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

movedfiles.zip via uploadchannel

Zitat:

Datei: MovedFiles.zip_1 empfangen

Vorgang erfolgreich abgeschlossen.

vielen Dank für die bisherige Hilfe

markusg · 11.01.2013, 17:46

Sehr gut.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

whitejack88 · 12.01.2013, 10:32

Hier dein gewünschter Log,

Zitat:

10:28:32.0030 1164 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:28:32.0332 1164 ============================================================
10:28:32.0332 1164 Current date / time: 2013/01/12 10:28:32.0332
10:28:32.0332 1164 SystemInfo:
10:28:32.0332 1164
10:28:32.0332 1164 OS Version: 6.1.7600 ServicePack: 0.0
10:28:32.0332 1164 Product type: Workstation
10:28:32.0333 1164 ComputerName: HEIKO-PC
10:28:32.0333 1164 UserName: Heiko
10:28:32.0333 1164 Windows directory: C:\Windows
10:28:32.0333 1164 System windows directory: C:\Windows
10:28:32.0333 1164 Processor architecture: Intel x86
10:28:32.0333 1164 Number of processors: 2
10:28:32.0333 1164 Page size: 0x1000
10:28:32.0333 1164 Boot type: Normal boot
10:28:32.0333 1164 ============================================================
10:28:33.0911 1164 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:28:33.0913 1164 ============================================================
10:28:33.0913 1164 \Device\Harddisk0\DR0:
10:28:33.0913 1164 MBR partitions:
10:28:33.0913 1164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
10:28:33.0933 1164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x1DEF9320
10:28:33.0933 1164 ============================================================
10:28:33.0958 1164 C: <-> \Device\Harddisk0\DR0\Partition1
10:28:33.0984 1164 D: <-> \Device\Harddisk0\DR0\Partition2
10:28:33.0984 1164 ============================================================
10:28:33.0984 1164 Initialize success
10:28:33.0984 1164 ============================================================
10:29:14.0395 3412 ============================================================
10:29:14.0395 3412 Scan started
10:29:14.0395 3412 Mode: Manual; SigCheck; TDLFS;
10:29:14.0395 3412 ============================================================
10:29:15.0148 3412 ================ Scan system memory ========================
10:29:15.0148 3412 System memory - ok
10:29:15.0148 3412 ================ Scan services =============================
10:29:15.0289 3412 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
10:29:15.0369 3412 1394ohci - ok
10:29:15.0400 3412 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
10:29:15.0416 3412 ACPI - ok
10:29:15.0435 3412 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
10:29:15.0472 3412 AcpiPmi - ok
10:29:15.0574 3412 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:29:15.0589 3412 AdobeARMservice - ok
10:29:15.0635 3412 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:29:15.0660 3412 adp94xx - ok
10:29:15.0677 3412 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:29:15.0694 3412 adpahci - ok
10:29:15.0702 3412 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:29:15.0715 3412 adpu320 - ok
10:29:15.0750 3412 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:29:15.0784 3412 AeLookupSvc - ok
10:29:15.0806 3412 [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD C:\Windows\system32\drivers\afd.sys
10:29:15.0921 3412 AFD - ok
10:29:15.0937 3412 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
10:29:15.0948 3412 agp440 - ok
10:29:15.0978 3412 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
10:29:15.0990 3412 aic78xx - ok
10:29:16.0008 3412 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
10:29:16.0056 3412 ALG - ok
10:29:16.0077 3412 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
10:29:16.0093 3412 aliide - ok
10:29:16.0101 3412 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
10:29:16.0112 3412 amdagp - ok
10:29:16.0123 3412 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
10:29:16.0134 3412 amdide - ok
10:29:16.0148 3412 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:29:16.0172 3412 AmdK8 - ok
10:29:16.0178 3412 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:29:16.0203 3412 AmdPPM - ok
10:29:16.0216 3412 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
10:29:16.0228 3412 amdsata - ok
10:29:16.0236 3412 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:29:16.0249 3412 amdsbs - ok
10:29:16.0264 3412 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
10:29:16.0274 3412 amdxata - ok
10:29:16.0294 3412 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
10:29:16.0338 3412 AppID - ok
10:29:16.0356 3412 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:29:16.0397 3412 AppIDSvc - ok
10:29:16.0411 3412 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
10:29:16.0450 3412 Appinfo - ok
10:29:16.0482 3412 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
10:29:16.0505 3412 AppMgmt - ok
10:29:16.0511 3412 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
10:29:16.0523 3412 arc - ok
10:29:16.0530 3412 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:29:16.0542 3412 arcsas - ok
10:29:16.0561 3412 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:29:16.0600 3412 AsyncMac - ok
10:29:16.0608 3412 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
10:29:16.0618 3412 atapi - ok
10:29:16.0656 3412 [ 547F07839F71A4357A5E503646CAC2B0 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
10:29:16.0697 3412 atksgt - ok
10:29:16.0733 3412 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:29:16.0782 3412 AudioEndpointBuilder - ok
10:29:16.0793 3412 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
10:29:16.0827 3412 Audiosrv - ok
10:29:16.0847 3412 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:29:16.0876 3412 AxInstSV - ok
10:29:16.0904 3412 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
10:29:16.0951 3412 b06bdrv - ok
10:29:16.0976 3412 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
10:29:16.0999 3412 b57nd60x - ok
10:29:17.0020 3412 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
10:29:17.0042 3412 BDESVC - ok
10:29:17.0054 3412 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
10:29:17.0094 3412 Beep - ok
10:29:17.0113 3412 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
10:29:17.0160 3412 BFE - ok
10:29:17.0199 3412 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
10:29:17.0258 3412 BITS - ok
10:29:17.0277 3412 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:29:17.0290 3412 blbdrive - ok
10:29:17.0301 3412 [ FCAFAEF6798D7B51FF029F99A9898961 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:29:17.0332 3412 bowser - ok
10:29:17.0337 3412 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:29:17.0364 3412 BrFiltLo - ok
10:29:17.0369 3412 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:29:17.0385 3412 BrFiltUp - ok
10:29:17.0406 3412 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll
10:29:17.0437 3412 Browser - ok
10:29:17.0458 3412 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:29:17.0488 3412 Brserid - ok
10:29:17.0494 3412 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:29:17.0518 3412 BrSerWdm - ok
10:29:17.0523 3412 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:29:17.0542 3412 BrUsbMdm - ok
10:29:17.0547 3412 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:29:17.0569 3412 BrUsbSer - ok
10:29:17.0575 3412 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:29:17.0598 3412 BTHMODEM - ok
10:29:17.0628 3412 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
10:29:17.0669 3412 bthserv - ok
10:29:17.0688 3412 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:29:17.0728 3412 cdfs - ok
10:29:17.0759 3412 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:29:17.0773 3412 cdrom - ok
10:29:17.0793 3412 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
10:29:17.0823 3412 CertPropSvc - ok
10:29:17.0842 3412 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:29:17.0858 3412 circlass - ok
10:29:17.0887 3412 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
10:29:17.0902 3412 CLFS - ok
10:29:17.0956 3412 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:29:17.0975 3412 clr_optimization_v2.0.50727_32 - ok
10:29:17.0982 3412 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:29:17.0999 3412 CmBatt - ok
10:29:18.0016 3412 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
10:29:18.0028 3412 cmdide - ok
10:29:18.0050 3412 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\Windows\system32\Drivers\cng.sys
10:29:18.0072 3412 CNG - ok
10:29:18.0085 3412 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:29:18.0096 3412 Compbatt - ok
10:29:18.0107 3412 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
10:29:18.0122 3412 CompositeBus - ok
10:29:18.0127 3412 COMSysApp - ok
10:29:18.0142 3412 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:29:18.0153 3412 crcdisk - ok
10:29:18.0202 3412 [ 2177A0F611584BCA1DFDD7EEB35C0224 ] CrypKey License C:\Windows\system32\crypserv.exe
10:29:18.0208 3412 CrypKey License ( UnsignedFile.Multi.Generic ) - warning
10:29:18.0208 3412 CrypKey License - detected UnsignedFile.Multi.Generic (1)
10:29:18.0229 3412 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:29:18.0270 3412 CryptSvc - ok
10:29:18.0300 3412 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
10:29:18.0339 3412 CSC - ok
10:29:18.0361 3412 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
10:29:18.0394 3412 CscService - ok
10:29:18.0424 3412 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
10:29:18.0472 3412 DcomLaunch - ok
10:29:18.0501 3412 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
10:29:18.0545 3412 defragsvc - ok
10:29:18.0571 3412 [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:29:18.0614 3412 DfsC - ok
10:29:18.0639 3412 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
10:29:18.0677 3412 Dhcp - ok
10:29:18.0691 3412 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
10:29:18.0731 3412 discache - ok
10:29:18.0764 3412 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:29:18.0775 3412 Disk - ok
10:29:18.0791 3412 [ D0722E963D3C6145446874241401B209 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:29:18.0840 3412 Dnscache - ok
10:29:18.0864 3412 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
10:29:18.0906 3412 dot3svc - ok
10:29:18.0918 3412 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
10:29:18.0958 3412 DPS - ok
10:29:18.0988 3412 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:29:19.0010 3412 drmkaud - ok
10:29:19.0058 3412 [ 8B6C3464D7FAC176500061DBFFF42AD4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:29:19.0080 3412 DXGKrnl - ok
10:29:19.0098 3412 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
10:29:19.0139 3412 EapHost - ok
10:29:19.0199 3412 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
10:29:19.0269 3412 ebdrv - ok
10:29:19.0287 3412 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\Windows\System32\lsass.exe
10:29:19.0305 3412 EFS - ok
10:29:19.0351 3412 [ 0F1A73C91CFA379F307F86E38C8C41AB ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:29:19.0405 3412 ehRecvr - ok
10:29:19.0432 3412 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
10:29:19.0471 3412 ehSched - ok
10:29:19.0495 3412 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:29:19.0517 3412 elxstor - ok
10:29:19.0536 3412 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
10:29:19.0549 3412 ErrDev - ok
10:29:19.0587 3412 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
10:29:19.0628 3412 EventSystem - ok
10:29:19.0636 3412 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
10:29:19.0671 3412 exfat - ok
10:29:19.0688 3412 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:29:19.0733 3412 fastfat - ok
10:29:19.0761 3412 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
10:29:19.0812 3412 Fax - ok
10:29:19.0818 3412 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:29:19.0840 3412 fdc - ok
10:29:19.0852 3412 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
10:29:19.0895 3412 fdPHost - ok
10:29:19.0913 3412 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
10:29:19.0944 3412 FDResPub - ok
10:29:19.0953 3412 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:29:19.0964 3412 FileInfo - ok
10:29:19.0978 3412 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:29:20.0008 3412 Filetrace - ok
10:29:20.0023 3412 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:29:20.0046 3412 flpydisk - ok
10:29:20.0067 3412 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:29:20.0080 3412 FltMgr - ok
10:29:20.0103 3412 [ B6512A85815FDC3D560C3705F5BDB93D ] FontCache C:\Windows\system32\FntCache.dll
10:29:20.0146 3412 FontCache - ok
10:29:20.0185 3412 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:29:20.0195 3412 FontCache3.0.0.0 - ok
10:29:20.0209 3412 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:29:20.0220 3412 FsDepends - ok
10:29:20.0241 3412 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:29:20.0251 3412 Fs_Rec - ok
10:29:20.0270 3412 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:29:20.0286 3412 fvevol - ok
10:29:20.0305 3412 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:29:20.0317 3412 gagp30kx - ok
10:29:20.0345 3412 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
10:29:20.0377 3412 gpsvc - ok
10:29:20.0464 3412 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:29:20.0482 3412 gupdate - ok
10:29:20.0496 3412 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:29:20.0504 3412 gupdatem - ok
10:29:20.0533 3412 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:29:20.0544 3412 gusvc - ok
10:29:20.0558 3412 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:29:20.0591 3412 hcw85cir - ok
10:29:20.0659 3412 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:29:20.0686 3412 HdAudAddService - ok
10:29:20.0706 3412 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:29:20.0728 3412 HDAudBus - ok
10:29:20.0734 3412 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:29:20.0756 3412 HidBatt - ok
10:29:20.0779 3412 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:29:20.0799 3412 HidBth - ok
10:29:20.0811 3412 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:29:20.0827 3412 HidIr - ok
10:29:20.0843 3412 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
10:29:20.0874 3412 hidserv - ok
10:29:20.0898 3412 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:29:20.0911 3412 HidUsb - ok
10:29:20.0935 3412 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:29:20.0966 3412 hkmsvc - ok
10:29:20.0981 3412 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:29:21.0031 3412 HomeGroupListener - ok
10:29:21.0055 3412 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:29:21.0081 3412 HomeGroupProvider - ok
10:29:21.0096 3412 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
10:29:21.0108 3412 HpSAMD - ok
10:29:21.0135 3412 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:29:21.0185 3412 HTTP - ok
10:29:21.0201 3412 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:29:21.0211 3412 hwpolicy - ok
10:29:21.0225 3412 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:29:21.0249 3412 i8042prt - ok
10:29:21.0268 3412 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
10:29:21.0286 3412 iaStorV - ok
10:29:21.0331 3412 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:29:21.0358 3412 idsvc - ok
10:29:21.0457 3412 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
10:29:21.0559 3412 igfx - ok
10:29:21.0576 3412 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:29:21.0587 3412 iirsp - ok
10:29:21.0654 3412 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
10:29:21.0704 3412 IKEEXT - ok
10:29:21.0730 3412 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
10:29:21.0739 3412 intelide - ok
10:29:21.0758 3412 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:29:21.0784 3412 intelppm - ok
10:29:21.0800 3412 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:29:21.0843 3412 IPBusEnum - ok
10:29:21.0856 3412 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:29:21.0887 3412 IpFilterDriver - ok
10:29:21.0920 3412 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:29:21.0971 3412 iphlpsvc - ok
10:29:21.0978 3412 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
10:29:21.0992 3412 IPMIDRV - ok
10:29:21.0999 3412 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:29:22.0040 3412 IPNAT - ok
10:29:22.0050 3412 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:29:22.0067 3412 IRENUM - ok
10:29:22.0084 3412 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
10:29:22.0095 3412 isapnp - ok
10:29:22.0122 3412 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
10:29:22.0137 3412 iScsiPrt - ok
10:29:22.0154 3412 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:29:22.0165 3412 kbdclass - ok
10:29:22.0177 3412 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:29:22.0191 3412 kbdhid - ok
10:29:22.0206 3412 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\Windows\system32\lsass.exe
10:29:22.0220 3412 KeyIso - ok
10:29:22.0230 3412 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:29:22.0241 3412 KSecDD - ok
10:29:22.0267 3412 [ 365C6154BBBC5377173F1CA7BFB6CC59 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:29:22.0280 3412 KSecPkg - ok
10:29:22.0303 3412 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
10:29:22.0348 3412 KtmRm - ok
10:29:22.0383 3412 [ BCA92CB047A4326925ECEF759DBAA233 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:29:22.0417 3412 LanmanServer - ok
10:29:22.0437 3412 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:29:22.0470 3412 LanmanWorkstation - ok
10:29:22.0517 3412 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
10:29:22.0525 3412 lirsgt - ok
10:29:22.0542 3412 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:29:22.0585 3412 lltdio - ok
10:29:22.0621 3412 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:29:22.0654 3412 lltdsvc - ok
10:29:22.0670 3412 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
10:29:22.0713 3412 lmhosts - ok
10:29:22.0750 3412 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:29:22.0763 3412 LSI_FC - ok
10:29:22.0783 3412 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:29:22.0795 3412 LSI_SAS - ok
10:29:22.0813 3412 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:29:22.0824 3412 LSI_SAS2 - ok
10:29:22.0835 3412 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:29:22.0848 3412 LSI_SCSI - ok
10:29:22.0873 3412 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
10:29:22.0910 3412 luafv - ok
10:29:22.0936 3412 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:29:22.0951 3412 Mcx2Svc - ok
10:29:22.0967 3412 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:29:22.0978 3412 megasas - ok
10:29:22.0993 3412 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:29:23.0008 3412 MegaSR - ok
10:29:23.0023 3412 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
10:29:23.0054 3412 MMCSS - ok
10:29:23.0070 3412 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
10:29:23.0100 3412 Modem - ok
10:29:23.0118 3412 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:29:23.0138 3412 monitor - ok
10:29:23.0158 3412 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:29:23.0169 3412 mouclass - ok
10:29:23.0186 3412 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:29:23.0229 3412 mouhid - ok
10:29:23.0246 3412 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:29:23.0257 3412 mountmgr - ok
10:29:23.0275 3412 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
10:29:23.0288 3412 mpio - ok
10:29:23.0294 3412 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:29:23.0331 3412 mpsdrv - ok
10:29:23.0351 3412 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
10:29:23.0397 3412 MpsSvc - ok
10:29:23.0412 3412 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:29:23.0431 3412 MRxDAV - ok
10:29:23.0449 3412 [ F1B6AA08497EA86CA6EF6F7A08B0BFB8 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:29:23.0473 3412 mrxsmb - ok
10:29:23.0485 3412 [ 5613358B4050F46F5A9832DA8050D6E4 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:29:23.0513 3412 mrxsmb10 - ok
10:29:23.0532 3412 [ 25C9792778D80FEB4C8201E62281BFDF ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:29:23.0545 3412 mrxsmb20 - ok
10:29:23.0561 3412 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
10:29:23.0572 3412 msahci - ok
10:29:23.0591 3412 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
10:29:23.0613 3412 msdsm - ok
10:29:23.0628 3412 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
10:29:23.0652 3412 MSDTC - ok
10:29:23.0675 3412 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:29:23.0706 3412 Msfs - ok
10:29:23.0714 3412 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:29:23.0752 3412 mshidkmdf - ok
10:29:23.0757 3412 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
10:29:23.0769 3412 msisadrv - ok
10:29:23.0790 3412 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:29:23.0822 3412 MSiSCSI - ok
10:29:23.0828 3412 msiserver - ok
10:29:23.0846 3412 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:29:23.0889 3412 MSKSSRV - ok
10:29:23.0906 3412 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:29:23.0937 3412 MSPCLOCK - ok
10:29:23.0952 3412 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:29:23.0982 3412 MSPQM - ok
10:29:23.0997 3412 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:29:24.0010 3412 MsRPC - ok
10:29:24.0033 3412 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:29:24.0044 3412 mssmbios - ok
10:29:24.0055 3412 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:29:24.0085 3412 MSTEE - ok
10:29:24.0102 3412 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:29:24.0115 3412 MTConfig - ok
10:29:24.0133 3412 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
10:29:24.0144 3412 Mup - ok
10:29:24.0174 3412 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
10:29:24.0217 3412 napagent - ok
10:29:24.0257 3412 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:29:24.0287 3412 NativeWifiP - ok
10:29:24.0325 3412 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:29:24.0350 3412 NDIS - ok
10:29:24.0363 3412 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:29:24.0401 3412 NdisCap - ok
10:29:24.0423 3412 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:29:24.0462 3412 NdisTapi - ok
10:29:24.0477 3412 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:29:24.0507 3412 Ndisuio - ok
10:29:24.0526 3412 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:29:24.0556 3412 NdisWan - ok
10:29:24.0570 3412 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:29:24.0600 3412 NDProxy - ok
10:29:24.0626 3412 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:29:24.0656 3412 NetBIOS - ok
10:29:24.0671 3412 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:29:24.0713 3412 NetBT - ok
10:29:24.0729 3412 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
10:29:24.0742 3412 Netlogon - ok
10:29:24.0777 3412 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
10:29:24.0821 3412 Netman - ok
10:29:24.0845 3412 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
10:29:24.0892 3412 netprofm - ok
10:29:24.0922 3412 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:29:24.0932 3412 NetTcpPortSharing - ok
10:29:24.0971 3412 [ 9446D03271BAF3496BBD2957D2732FD2 ] NetworkX C:\Windows\System32\ckldrv.sys
10:29:24.0978 3412 NetworkX - ok
10:29:24.0997 3412 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:29:25.0009 3412 nfrd960 - ok
10:29:25.0025 3412 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
10:29:25.0059 3412 NlaSvc - ok
10:29:25.0073 3412 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:29:25.0104 3412 Npfs - ok
10:29:25.0138 3412 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
10:29:25.0168 3412 nsi - ok
10:29:25.0182 3412 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:29:25.0219 3412 nsiproxy - ok
10:29:25.0259 3412 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:29:25.0295 3412 Ntfs - ok
10:29:25.0306 3412 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
10:29:25.0335 3412 Null - ok
10:29:25.0352 3412 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
10:29:25.0365 3412 nvraid - ok
10:29:25.0376 3412 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
10:29:25.0390 3412 nvstor - ok
10:29:25.0406 3412 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
10:29:25.0419 3412 nv_agp - ok
10:29:25.0468 3412 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:29:25.0486 3412 odserv - ok
10:29:25.0493 3412 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
10:29:25.0519 3412 ohci1394 - ok
10:29:25.0537 3412 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:29:25.0547 3412 ose - ok
10:29:25.0571 3412 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:29:25.0596 3412 p2pimsvc - ok
10:29:25.0639 3412 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
10:29:25.0660 3412 p2psvc - ok
10:29:25.0679 3412 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:29:25.0694 3412 Parport - ok
10:29:25.0705 3412 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:29:25.0716 3412 partmgr - ok
10:29:25.0729 3412 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
10:29:25.0753 3412 Parvdm - ok
10:29:25.0771 3412 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:29:25.0791 3412 PcaSvc - ok
10:29:25.0808 3412 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
10:29:25.0821 3412 pci - ok
10:29:25.0840 3412 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
10:29:25.0851 3412 pciide - ok
10:29:25.0869 3412 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:29:25.0884 3412 pcmcia - ok
10:29:25.0902 3412 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
10:29:25.0913 3412 pcw - ok
10:29:25.0948 3412 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:29:25.0997 3412 PEAUTH - ok
10:29:26.0041 3412 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:29:26.0085 3412 PeerDistSvc - ok
10:29:26.0137 3412 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
10:29:26.0204 3412 pla - ok
10:29:26.0226 3412 [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:29:26.0270 3412 PlugPlay - ok
10:29:26.0287 3412 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:29:26.0314 3412 PNRPAutoReg - ok
10:29:26.0335 3412 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:29:26.0351 3412 PNRPsvc - ok
10:29:26.0375 3412 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:29:26.0420 3412 PolicyAgent - ok
10:29:26.0442 3412 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
10:29:26.0476 3412 Power - ok
10:29:26.0510 3412 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:29:26.0540 3412 PptpMiniport - ok
10:29:26.0554 3412 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:29:26.0568 3412 Processor - ok
10:29:26.0589 3412 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
10:29:26.0635 3412 ProfSvc - ok
10:29:26.0653 3412 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:29:26.0667 3412 ProtectedStorage - ok
10:29:26.0687 3412 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:29:26.0719 3412 Psched - ok
10:29:26.0756 3412 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:29:26.0796 3412 ql2300 - ok
10:29:26.0817 3412 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:29:26.0830 3412 ql40xx - ok
10:29:26.0851 3412 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
10:29:26.0893 3412 QWAVE - ok
10:29:26.0911 3412 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:29:26.0927 3412 QWAVEdrv - ok
10:29:26.0944 3412 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:29:26.0975 3412 RasAcd - ok
10:29:26.0988 3412 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:29:27.0028 3412 RasAgileVpn - ok
10:29:27.0052 3412 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
10:29:27.0083 3412 RasAuto - ok
10:29:27.0100 3412 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:29:27.0136 3412 Rasl2tp - ok
10:29:27.0160 3412 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
10:29:27.0198 3412 RasMan - ok
10:29:27.0211 3412 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:29:27.0242 3412 RasPppoe - ok
10:29:27.0253 3412 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:29:27.0283 3412 RasSstp - ok
10:29:27.0305 3412 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:29:27.0338 3412 rdbss - ok
10:29:27.0347 3412 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:29:27.0371 3412 rdpbus - ok
10:29:27.0387 3412 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:29:27.0416 3412 RDPCDD - ok
10:29:27.0447 3412 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:29:27.0479 3412 RDPDR - ok
10:29:27.0499 3412 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:29:27.0528 3412 RDPENCDD - ok
10:29:27.0539 3412 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:29:27.0580 3412 RDPREFMP - ok
10:29:27.0603 3412 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:29:27.0635 3412 RDPWD - ok
10:29:27.0655 3412 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:29:27.0668 3412 rdyboost - ok
10:29:27.0696 3412 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
10:29:27.0729 3412 RemoteAccess - ok
10:29:27.0746 3412 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:29:27.0779 3412 RemoteRegistry - ok
10:29:27.0805 3412 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:29:27.0842 3412 RpcEptMapper - ok
10:29:27.0857 3412 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
10:29:27.0873 3412 RpcLocator - ok
10:29:27.0888 3412 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
10:29:27.0923 3412 RpcSs - ok
10:29:27.0943 3412 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:29:27.0974 3412 rspndr - ok
10:29:27.0998 3412 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
10:29:28.0020 3412 RTL8167 - ok
10:29:28.0036 3412 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
10:29:28.0064 3412 s3cap - ok
10:29:28.0079 3412 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
10:29:28.0093 3412 SamSs - ok
10:29:28.0123 3412 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
10:29:28.0135 3412 sbp2port - ok
10:29:28.0157 3412 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:29:28.0191 3412 SCardSvr - ok
10:29:28.0201 3412 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:29:28.0240 3412 scfilter - ok
10:29:28.0262 3412 [ 3E8B0C453E25613A1F59762A5C42AA75 ] Schedule C:\Windows\system32\schedsvc.dll
10:29:28.0314 3412 Schedule - ok
10:29:28.0326 3412 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:29:28.0356 3412 SCPolicySvc - ok
10:29:28.0384 3412 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:29:28.0416 3412 SDRSVC - ok
10:29:28.0430 3412 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:29:28.0469 3412 secdrv - ok
10:29:28.0482 3412 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
10:29:28.0520 3412 seclogon - ok
10:29:28.0538 3412 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
10:29:28.0579 3412 SENS - ok
10:29:28.0601 3412 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:29:28.0650 3412 SensrSvc - ok
10:29:28.0675 3412 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:29:28.0688 3412 Serenum - ok
10:29:28.0698 3412 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:29:28.0723 3412 Serial - ok
10:29:28.0741 3412 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:29:28.0754 3412 sermouse - ok
10:29:28.0778 3412 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
10:29:28.0821 3412 SessionEnv - ok
10:29:28.0845 3412 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
10:29:28.0872 3412 sffdisk - ok
10:29:28.0877 3412 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:29:28.0901 3412 sffp_mmc - ok
10:29:28.0907 3412 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
10:29:28.0932 3412 sffp_sd - ok
10:29:28.0937 3412 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:29:28.0956 3412 sfloppy - ok
10:29:28.0978 3412 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:29:29.0013 3412 SharedAccess - ok
10:29:29.0026 3412 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:29:29.0054 3412 ShellHWDetection - ok
10:29:29.0062 3412 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
10:29:29.0073 3412 sisagp - ok
10:29:29.0099 3412 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:29:29.0110 3412 SiSRaid2 - ok
10:29:29.0123 3412 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:29:29.0136 3412 SiSRaid4 - ok
10:29:29.0150 3412 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:29:29.0181 3412 Smb - ok
10:29:29.0202 3412 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:29:29.0234 3412 SNMPTRAP - ok
10:29:29.0239 3412 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
10:29:29.0250 3412 spldr - ok
10:29:29.0289 3412 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe
10:29:29.0321 3412 Spooler - ok
10:29:29.0387 3412 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
10:29:29.0458 3412 sppsvc - ok
10:29:29.0480 3412 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:29:29.0522 3412 sppuinotify - ok
10:29:29.0537 3412 [ DD0DD124D95390FDFFA7FB6283923ED4 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:29:29.0571 3412 srv - ok
10:29:29.0590 3412 [ 59EF6D9C690E89D51B0692CCB13A06FC ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:29:29.0634 3412 srv2 - ok
10:29:29.0654 3412 [ 08F28676802B58138E48A2B40CAF6204 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:29:29.0675 3412 srvnet - ok
10:29:29.0689 3412 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:29:29.0723 3412 SSDPSRV - ok
10:29:29.0734 3412 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:29:29.0774 3412 SstpSvc - ok
10:29:29.0882 3412 [ E8606BF6BE3B7481D95F1DD2E4F3FCBA ] StarMoney 7.0 OnlineUpdate C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
10:29:29.0901 3412 StarMoney 7.0 OnlineUpdate - ok
10:29:29.0921 3412 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:29:29.0932 3412 stexstor - ok
10:29:29.0978 3412 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
10:29:30.0004 3412 StiSvc - ok
10:29:30.0028 3412 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
10:29:30.0038 3412 storflt - ok
10:29:30.0050 3412 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
10:29:30.0061 3412 storvsc - ok
10:29:30.0074 3412 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:29:30.0085 3412 swenum - ok
10:29:30.0104 3412 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
10:29:30.0140 3412 swprv - ok
10:29:30.0174 3412 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
10:29:30.0220 3412 SysMain - ok
10:29:30.0240 3412 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:29:30.0264 3412 TabletInputService - ok
10:29:30.0282 3412 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
10:29:30.0317 3412 TapiSrv - ok
10:29:30.0329 3412 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
10:29:30.0374 3412 TBS - ok
10:29:30.0406 3412 [ BB7F39C31C4A4417FD318E7CD184E225 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:29:30.0444 3412 Tcpip - ok
10:29:30.0476 3412 [ BB7F39C31C4A4417FD318E7CD184E225 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:29:30.0508 3412 TCPIP6 - ok
10:29:30.0522 3412 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:29:30.0561 3412 tcpipreg - ok
10:29:30.0573 3412 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:29:30.0611 3412 TDPIPE - ok
10:29:30.0616 3412 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:29:30.0654 3412 TDTCP - ok
10:29:30.0659 3412 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:29:30.0691 3412 tdx - ok
10:29:30.0704 3412 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:29:30.0715 3412 TermDD - ok
10:29:30.0740 3412 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
10:29:30.0780 3412 TermService - ok
10:29:30.0791 3412 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
10:29:30.0810 3412 Themes - ok
10:29:30.0819 3412 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
10:29:30.0849 3412 THREADORDER - ok
10:29:30.0866 3412 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
10:29:30.0906 3412 TrkWks - ok
10:29:30.0952 3412 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:29:30.0968 3412 TrustedInstaller - ok
10:29:30.0982 3412 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:29:31.0012 3412 tssecsrv - ok
10:29:31.0038 3412 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:29:31.0070 3412 tunnel - ok
10:29:31.0083 3412 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:29:31.0097 3412 uagp35 - ok
10:29:31.0114 3412 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:29:31.0147 3412 udfs - ok
10:29:31.0168 3412 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:29:31.0197 3412 UI0Detect - ok
10:29:31.0214 3412 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
10:29:31.0225 3412 uliagpkx - ok
10:29:31.0235 3412 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:29:31.0264 3412 umbus - ok
10:29:31.0279 3412 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:29:31.0292 3412 UmPass - ok
10:29:31.0311 3412 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
10:29:31.0328 3412 UmRdpService - ok
10:29:31.0342 3412 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
10:29:31.0385 3412 upnphost - ok
10:29:31.0398 3412 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:29:31.0434 3412 usbccgp - ok
10:29:31.0450 3412 [ 6EB45C02E2C8A5DBF9A119F76AE9BD95 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
10:29:31.0482 3412 usbcir - ok
10:29:31.0497 3412 [ FF32D4F3EC3C68B2CA61782C7964F54E ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:29:31.0551 3412 usbehci - ok
10:29:31.0566 3412 [ B0DFC7B484E0CA0C27BDA5433B82D94A ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:29:31.0592 3412 usbhub - ok
10:29:31.0608 3412 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:29:31.0631 3412 usbohci - ok
10:29:31.0669 3412 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:29:31.0711 3412 usbprint - ok
10:29:31.0762 3412 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:29:31.0787 3412 usbscan - ok
10:29:31.0805 3412 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:29:31.0827 3412 USBSTOR - ok
10:29:31.0837 3412 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:29:31.0856 3412 usbuhci - ok
10:29:31.0883 3412 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
10:29:31.0935 3412 UxSms - ok
10:29:31.0952 3412 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\Windows\system32\lsass.exe
10:29:31.0967 3412 VaultSvc - ok
10:29:31.0989 3412 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
10:29:32.0003 3412 vdrvroot - ok
10:29:32.0031 3412 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
10:29:32.0066 3412 vds - ok
10:29:32.0080 3412 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:29:32.0095 3412 vga - ok
10:29:32.0113 3412 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:29:32.0142 3412 VgaSave - ok
10:29:32.0157 3412 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
10:29:32.0171 3412 vhdmp - ok
10:29:32.0185 3412 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
10:29:32.0197 3412 viaagp - ok
10:29:32.0203 3412 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
10:29:32.0221 3412 ViaC7 - ok
10:29:32.0237 3412 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
10:29:32.0248 3412 viaide - ok
10:29:32.0271 3412 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
10:29:32.0285 3412 vmbus - ok
10:29:32.0294 3412 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
10:29:32.0306 3412 VMBusHID - ok
10:29:32.0322 3412 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
10:29:32.0333 3412 volmgr - ok
10:29:32.0355 3412 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:29:32.0371 3412 volmgrx - ok
10:29:32.0388 3412 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
10:29:32.0404 3412 volsnap - ok
10:29:32.0427 3412 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:29:32.0441 3412 vsmraid - ok
10:29:32.0471 3412 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
10:29:32.0511 3412 VSS - ok
10:29:32.0525 3412 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
10:29:32.0553 3412 vwifibus - ok
10:29:32.0572 3412 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
10:29:32.0615 3412 W32Time - ok
10:29:32.0631 3412 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:29:32.0644 3412 WacomPen - ok
10:29:32.0670 3412 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:29:32.0700 3412 WANARP - ok
10:29:32.0704 3412 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:29:32.0735 3412 Wanarpv6 - ok
10:29:32.0794 3412 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:29:32.0835 3412 WatAdminSvc - ok
10:29:32.0864 3412 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
10:29:32.0911 3412 wbengine - ok
10:29:32.0926 3412 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:29:32.0947 3412 WbioSrvc - ok
10:29:32.0959 3412 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:29:32.0992 3412 wcncsvc - ok
10:29:33.0009 3412 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:29:33.0042 3412 WcsPlugInService - ok
10:29:33.0057 3412 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:29:33.0067 3412 Wd - ok
10:29:33.0085 3412 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:29:33.0105 3412 Wdf01000 - ok
10:29:33.0123 3412 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:29:33.0151 3412 WdiServiceHost - ok
10:29:33.0157 3412 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:29:33.0175 3412 WdiSystemHost - ok
10:29:33.0212 3412 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\Windows\System32\webclnt.dll
10:29:33.0237 3412 WebClient - ok
10:29:33.0262 3412 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:29:33.0302 3412 Wecsvc - ok
10:29:33.0320 3412 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:29:33.0352 3412 wercplsupport - ok
10:29:33.0367 3412 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
10:29:33.0403 3412 WerSvc - ok
10:29:33.0427 3412 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:29:33.0456 3412 WfpLwf - ok
10:29:33.0467 3412 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:29:33.0478 3412 WIMMount - ok
10:29:33.0520 3412 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:29:33.0546 3412 WinDefend - ok
10:29:33.0553 3412 WinHttpAutoProxySvc - ok
10:29:33.0608 3412 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:29:33.0640 3412 Winmgmt - ok
10:29:33.0673 3412 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
10:29:33.0733 3412 WinRM - ok
10:29:33.0766 3412 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:29:33.0805 3412 Wlansvc - ok
10:29:33.0810 3412 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
10:29:33.0824 3412 WmiAcpi - ok
10:29:33.0849 3412 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:29:33.0871 3412 wmiApSrv - ok
10:29:33.0915 3412 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:29:33.0970 3412 WMPNetworkSvc - ok
10:29:34.0089 3412 [ 6F368298F02150B3065D919CC485A329 ] WorkshopDbService C:\Program Files\WM-Kat_Technik\pgsql\bin\pg_ctl.exe
10:29:34.0101 3412 WorkshopDbService ( UnsignedFile.Multi.Generic ) - warning
10:29:34.0101 3412 WorkshopDbService - detected UnsignedFile.Multi.Generic (1)
10:29:34.0115 3412 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:29:34.0147 3412 WPCSvc - ok
10:29:34.0159 3412 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:29:34.0175 3412 WPDBusEnum - ok
10:29:34.0195 3412 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:29:34.0237 3412 ws2ifsl - ok
10:29:34.0255 3412 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
10:29:34.0283 3412 wscsvc - ok
10:29:34.0290 3412 WSearch - ok
10:29:34.0337 3412 [ A33408CC036F9C08142B11BE5E93F0A1 ] wuauserv C:\Windows\system32\wuaueng.dll
10:29:34.0400 3412 wuauserv - ok
10:29:34.0414 3412 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:29:34.0450 3412 WudfPf - ok
10:29:34.0478 3412 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:29:34.0510 3412 WUDFRd - ok
10:29:34.0517 3412 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:29:34.0550 3412 wudfsvc - ok
10:29:34.0565 3412 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
10:29:34.0586 3412 WwanSvc - ok
10:29:34.0593 3412 ================ Scan global ===============================
10:29:34.0664 3412 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
10:29:34.0690 3412 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
10:29:34.0699 3412 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
10:29:34.0723 3412 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
10:29:34.0737 3412 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
10:29:34.0743 3412 [Global] - ok
10:29:34.0743 3412 ================ Scan MBR ==================================
10:29:34.0756 3412 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:29:35.0258 3412 \Device\Harddisk0\DR0 - ok
10:29:35.0258 3412 ================ Scan VBR ==================================
10:29:35.0262 3412 [ 9805882452FDC2D0B9B7EF29A2438ECE ] \Device\Harddisk0\DR0\Partition1
10:29:35.0263 3412 \Device\Harddisk0\DR0\Partition1 - ok
10:29:35.0286 3412 [ 4D23A39557D6CE4D261966D0787F186E ] \Device\Harddisk0\DR0\Partition2
10:29:35.0288 3412 \Device\Harddisk0\DR0\Partition2 - ok
10:29:35.0288 3412 ============================================================
10:29:35.0288 3412 Scan finished
10:29:35.0288 3412 ============================================================
10:29:35.0300 3296 Detected object count: 2
10:29:35.0300 3296 Actual detected object count: 2
10:30:54.0664 3296 CrypKey License ( UnsignedFile.Multi.Generic ) - skipped by user
10:30:54.0664 3296 CrypKey License ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:30:54.0665 3296 WorkshopDbService ( UnsignedFile.Multi.Generic ) - skipped by user
10:30:54.0665 3296 WorkshopDbService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Ich sage wieder einmal danke für die schnelle Hilfe

markusg · 14.01.2013, 16:30

Hi,
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

whitejack88 · 14.01.2013, 17:23

Hallo,

unten der Log aus ComboFix

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-01-14.01 - Heiko 14.01.2013  17:15:33.1.2 - x86
ausgeführt von:: c:\users\Heiko\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Adobe\gccheck.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-14 bis 2013-01-14  ))))))))))))))))))))))))))))))
.
.
2013-01-14 16:20 . 2013-01-14 16:20	--------	d-----w-	c:\users\Heiko\AppData\Local\temp
2013-01-14 16:20 . 2013-01-14 16:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-11 16:32 . 2013-01-11 16:36	--------	d-----w-	C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SedServer"="c:\program files\WM-Kat_Technik\Sed.exe" [2012-11-23 120587776]
"WEB.DE MailCheck Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2012-08-09 1206920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 WorkshopDbService;WorkshopDbService;c:\program files\WM-Kat_Technik\pgsql\bin\pg_ctl.exe [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-11 09:16]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-11 09:16]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4138367750-3481807868-3657384447-1001Core.job
- c:\users\Heiko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 12:46]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4138367750-3481807868-3657384447-1001UA.job
- c:\users\Heiko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 12:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-svñhîst - c:\users\Heiko\4068654.exe
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-14  17:22:02
ComboFix-quarantined-files.txt  2013-01-14 16:22
.
Vor Suchlauf: 9 Verzeichnis(se), 15.028.875.264 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 15.392.210.944 Bytes frei
.
- - End Of File - - 8A13F6342480E56C190D72ADA70D5F0B

--- --- ---

Recht herzlichen Dank einmal wieder

markusg · 14.01.2013, 21:26

hi
sieht doch schon mal gut aus.
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

whitejack88 · 15.01.2013, 16:50

hey markusg,

habe gerade den scan mit malewarebytes durchgeführt.

am ende erhielt ich folgenden log

Zitat:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.15.10

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Heiko :: HEIKO-PC [Administrator]

15.01.2013 16:17:34
mbam-log-2013-01-15 (16-17-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 314936
Laufzeit: 27 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\01112013_173220\C_Users\Heiko\4068654.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg · 16.01.2013, 15:50

hi
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.

prüfe dann unter rechtsklick, computer, eigenschaften, ob das servicepack1 (sp1) instaliert ist.

whitejack88 · 19.01.2013, 17:26

hey,
habe updates gemacht sp ist installiert.

markusg · 19.01.2013, 20:18

hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Internetseite(Tesyxaltert.us) öffnet sich nach hochfahren automatisch, kann nichts machen.

Log-Analyse und Auswertung: Internetseite(Tesyxaltert.us) öffnet sich nach hochfahren automatisch, kann nichts machen.