|
Pests of all kinds and how to fight them: Computer is being scanned (Chrome "jitters", no action possible) Windows 7 |
29.03.2012, 11:39 | #1 |
| Computer is being scanned (Chrome "jitters", no action possible) Hi everyone, I have now found my way to you as well and hope you can help me. For a few days now it has been happening that my computer gets "scanned". In Chrome, for example, I can no longer enter anything; it looks as if someone were hammering on F5 the whole time, no site loads any more and I can basically do nothing. That lasts about a minute, then it is okay again. Afterwards my GData Internet Security 2012 reports that my computer was scanned, but beyond that it offers no further leads. I had a look: my Windows Firewall always gets deactivated, but I think that is down to GData, right? I have already had GData run a complete scan, no findings. I have already read about DDS etc. in other threads; here are the log files from it...:
Thanks in advance for your help!! |
29.03.2012, 16:07 | #2 |
/// Malware-holic | Computer is being scanned (Chrome "jitters", no action possible) hi
If you do not have it yet, please download OTL by Oldtimer and save it on your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
|
30.03.2012, 08:54 | #3 |
| Computer is being scanned (Chrome "jitters", no action possible) Here is the result of the OTL scan:
Code:
ATTFilter OTL logfile created on: 30.03.2012 10:00:55 - Run 3 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Marcus\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,88 Gb Available Physical Memory | 73,68% Memory free 15,95 Gb Paging File | 13,39 Gb Available in Paging File | 83,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 167,58 Gb Total Space | 71,34 Gb Free Space | 42,57% Space Free | Partition Type: NTFS Drive D: | 1863,01 Gb Total Space | 1808,84 Gb Free Space | 97,09% Space Free | Partition Type: NTFS Drive F: | 1863,02 Gb Total Space | 1063,59 Gb Free Space | 57,09% Space Free | Partition Type: NTFS Computer Name: GODLIKE | User Name: Marcus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.29 11:24:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) 
-- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.02.15 09:16:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.02.03 09:06:00 | 001,867,480 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe PRC - [2012.01.24 14:50:38 | 000,024,480 | ---- | M] () -- C:\Programme\EslWire\inGame32.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.03 15:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- F:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2011.10.28 15:36:53 | 001,506,824 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2011.10.28 15:36:43 | 001,617,416 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2011.10.28 15:36:11 | 000,457,536 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.09.16 15:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2011.08.17 16:00:02 | 001,011,208 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2011.08.17 16:00:02 | 000,464,392 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2011.04.30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - 
[2011.04.30 01:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.12.02 11:37:22 | 001,425,536 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe PRC - [2010.12.02 11:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe PRC - [2010.11.26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe PRC - [2010.11.03 18:30:14 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe PRC - [2010.10.21 18:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe PRC - [2010.10.12 17:39:50 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe PRC - [2010.09.24 22:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe ========== Modules (No Company Name) ========== MOD - [2012.02.16 09:35:33 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\052deceb97582fe7bd7eefd13e0c590c\IAStorUtil.ni.dll MOD - [2012.02.16 08:55:54 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll MOD - [2012.02.16 08:55:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012.02.16 08:55:36 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012.02.16 08:55:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012.02.16 08:55:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012.02.16 08:55:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.02.16 08:55:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2012.02.16 08:55:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.02.01 19:25:34 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33cecc66284ef59208b639ec72b0f565\IAStorCommon.ni.dll MOD - [2012.02.01 14:28:29 | 011,490,304 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2012.01.24 16:00:18 | 000,165,888 | ---- | M] () -- C:\Programme\EslWire\NocIPC32.dll MOD - [2012.01.24 14:50:38 | 000,447,904 | ---- | M] () -- C:\Programme\EslWire\inGame32.dll MOD - [2012.01.24 14:50:38 | 000,024,480 | ---- | M] () -- C:\Programme\EslWire\inGame32.exe MOD - [2012.01.03 15:10:54 | 000,019,968 | ---- | M] () -- F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.12.02 18:28:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll MOD - [2010.11.30 14:13:04 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dll MOD - [2010.11.19 11:55:00 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll MOD - [2010.11.19 11:53:34 | 000,963,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.04 19:30:16 | 001,245,184 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll MOD - [2010.10.15 18:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll MOD - [2010.09.27 21:51:16 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll MOD - [2010.09.27 21:51:12 | 000,881,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll MOD - [2010.08.23 11:17:40 | 000,662,016 | ---- | M] () -- C:\Program Files 
(x86)\ASUS\AAHM\1.00.13\aaHMLib.dll MOD - [2010.08.06 19:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll MOD - [2010.08.06 19:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll MOD - [2010.06.21 16:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll MOD - [2010.06.21 16:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll MOD - [2009.08.12 21:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.12.13 10:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2011.06.29 11:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.02.15 09:16:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.02.03 09:06:00 | 001,867,480 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files 
(x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService) SRV - [2012.02.02 12:33:02 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.13 10:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.11.17 19:20:58 | 003,273,552 | ---- | M] (O&O Software GmbH) [Auto | Running] -- F:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV - [2011.10.28 15:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2011.10.28 15:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2011.10.28 03:41:08 | 002,191,808 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2011.10.24 04:16:16 | 004,726,608 | ---- | M] (O&O Software GmbH) [Auto | Running] -- F:\Program Files\OO Software\DiskImage\oodiag.exe -- (OO DiskImage) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2011.08.17 16:00:02 | 000,464,392 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2011.08.10 15:21:12 | 001,556,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2011.04.30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2011.03.11 16:12:42 | 000,316,744 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe -- (GatewayAgentService) SRV - [2010.12.02 11:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc) SRV - [2010.11.03 18:30:14 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc) SRV - [2010.10.21 18:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common 
Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.02.03 21:23:24 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2012.01.31 11:51:10 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.01.31 01:00:00 | 000,053,112 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2012.01.31 00:59:58 | 000,111,992 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2012.01.31 00:59:58 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2012.01.31 00:59:58 | 000,050,552 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2012.01.31 00:38:39 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2012.01.31 00:38:24 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon) DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2011.10.25 10:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.10.25 10:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.10.24 04:16:56 | 000,259,312 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oodivd.sys -- (oodivd) DRV:64bit: - [2011.10.24 04:16:56 | 000,044,272 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\oodivdh.sys -- (oodivdh) DRV:64bit: - [2011.10.24 04:16:56 | 000,040,688 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\oodisrh.sys -- (oodisrh) DRV:64bit: - [2011.10.24 04:16:54 | 000,118,000 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oodisr.sys -- (oodisr) DRV:64bit: - [2011.10.12 08:33:42 | 
000,316,208 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2011.07.20 10:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R) DRV:64bit: - [2011.07.13 14:59:54 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011.07.13 14:59:54 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: - [2011.05.19 16:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2011.04.26 12:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.08.27 19:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011.07.07 16:46:56 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 1B 80 CE E9 09 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {9D8B8ECF-63A5-4032-9A19-3E7924445928} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1FDDE6D1-95C6-4a8e-896E-05057F565AB5}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\..\SearchScopes\{9D8B8ECF-63A5-4032-9A19-3E7924445928}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marcus\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marcus\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.02.13 11:01:35 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = 
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: FlashBlock = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.10_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Google-Suche = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Better Battlelog (BBLog) = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\1.5_0\ CHR - Extension: Donna Karan = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijgnliiiplghalknhobbcngpcngaoji\3_0\ CHR - Extension: Battlelog = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhdecopbclicngfcdmhinokemjlmcihf\0.1_0\ CHR - Extension: Better Pop Up Blocker = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\ CHR - Extension: Google Mail = C:\Users\Marcus\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AVKWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AVKWebIEx64.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AVKWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [OODefragTray] F:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [OODITRAY.EXE] F:\Program Files\OO Software\DiskImage\ooditray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBAgent] F:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEB42126-F0AD-4072-B865-C5DF95C8A711}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell 
- (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\LightScribeControlPanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\LightScribeControlPanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{d1e490b8-4b8b-11e1-a5ae-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d1e490b8-4b8b-11e1-a5ae-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - 
HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: 
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: 
{9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.30 09:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.30 09:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.03.30 09:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.30 09:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.03.29 12:21:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Marcus\Desktop\dds.com [2012.03.29 11:26:34 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes [2012.03.29 11:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.29 11:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.29 11:26:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.03.29 11:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.03.29 11:24:27 | 000,593,920 | ---- | C] (OldTimer Tools) -- 
C:\Users\Marcus\Desktop\OTL.exe [2012.03.13 21:10:35 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.03.13 21:10:35 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.03.13 19:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.03.13 19:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.03.13 01:16:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag [2012.03.13 01:14:38 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\O&O [2012.03.12 23:06:41 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\ESL Wire Game Client [2012.03.12 23:06:16 | 000,147,472 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2012.03.12 23:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire [2012.03.12 23:06:12 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys [2012.03.12 23:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire [2012.03.12 23:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire [2012.03.06 18:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe [2012.03.06 18:42:08 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Nero [2012.03.06 17:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.03.06 17:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012.03.06 17:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012.03.05 17:44:20 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\CrashRpt [2012.03.05 17:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outerra [2012.03.05 15:37:08 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Canneverbe Limited [2012.03.05 15:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2012.03.05 13:04:23 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Anticheat 3 [2012.03.05 13:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DExUS [2012.02.29 15:57:11 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\ESN Sonar ========== Files - Modified Within 30 Days ========== [2012.03.30 09:58:50 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.30 09:58:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-85359884-310280431-4005254754-1000UA.job [2012.03.30 09:57:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.30 09:53:28 | 000,018,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.30 09:53:28 | 000,018,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.30 09:51:10 | 000,595,928 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.03.30 09:51:10 | 000,038,374 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.03.30 09:50:53 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.30 09:50:53 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.30 09:50:53 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.30 09:50:53 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.30 09:50:53 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.30 09:46:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.30 09:46:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.30 09:46:12 | 000,048,488 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2012.03.29 13:46:12 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.03.29 13:46:12 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe 
[2012.03.29 13:20:50 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.03.29 12:22:02 | 000,000,188 | ---- | M] () -- C:\Users\Marcus\defogger_reenable [2012.03.29 12:18:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Marcus\Desktop\dds.com [2012.03.29 12:17:55 | 000,050,477 | ---- | M] () -- C:\Users\Marcus\Desktop\Defogger.exe [2012.03.29 11:26:31 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.29 11:24:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe [2012.03.29 11:21:43 | 000,001,404 | ---- | M] () -- C:\Users\Marcus\Desktop\Install Windows.lnk [2012.03.28 14:58:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-85359884-310280431-4005254754-1000Core.job [2012.03.15 00:36:08 | 004,968,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.13 01:14:35 | 000,002,689 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk [2012.03.12 23:06:16 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2012.03.05 13:04:23 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Universal Anticheat 3.lnk [2012.03.01 02:02:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.03.01 02:02:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.03.01 02:02:00 | 000,011,770 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.02.29 22:59:29 | 002,515,790 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin ========== Files Created - No Company Name ========== [2012.03.30 09:58:50 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.29 12:22:02 | 000,000,188 | ---- | C] () -- C:\Users\Marcus\defogger_reenable [2012.03.29 12:21:47 | 000,050,477 | ---- | C] () -- C:\Users\Marcus\Desktop\Defogger.exe [2012.03.29 11:26:31 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.29 11:21:43 | 
000,001,404 | ---- | C] () -- C:\Users\Marcus\Desktop\Install Windows.lnk [2012.03.13 16:06:37 | 000,048,488 | ---- | C] () -- C:\Windows\SysNative\oodbs.lor [2012.03.13 01:14:35 | 000,002,689 | ---- | C] () -- C:\Users\Public\Desktop\O&O Defrag.lnk [2012.03.12 23:06:19 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2012.03.12 23:06:16 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2012.03.05 13:04:23 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Universal Anticheat 3.lnk [2012.02.04 10:53:08 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2012.01.31 13:40:23 | 000,595,928 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.01.31 01:15:31 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.01.31 01:15:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.01.31 00:12:29 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2012.01.31 00:12:04 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.01.31 00:12:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.01.31 00:12:04 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012.01.30 23:52:52 | 000,038,219 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.01.30 23:52:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.01.30 23:52:13 | 000,024,998 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== LOP Check ========== [2012.03.05 15:37:08 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Canneverbe Limited [2012.03.10 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite [2012.02.13 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DVDVideoSoft [2012.02.13 17:46:58 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.01 17:50:49 | 000,000,000 | ---D | M] -- 
C:\Users\Marcus\AppData\Roaming\Leadertech [2012.01.31 00:28:07 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Origin [2012.02.29 09:32:37 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\PlayClaw3 [2012.02.29 09:26:56 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Sytexis Software [2012.02.06 00:22:44 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TeamViewer [2012.02.03 22:29:18 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TS3Client [2012.02.01 14:59:48 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TuneUp Software [2012.03.26 12:46:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.03.07 19:47:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.02.01 11:10:38 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.01.30 23:50:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.01.30 23:53:10 | 000,000,000 | ---D | M] -- C:\Intel [2012.01.31 12:04:10 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.03.13 21:11:18 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.30 09:58:38 | 000,000,000 | R--D | M] -- C:\Program Files [2012.03.30 09:58:37 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.03.29 11:26:31 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.01.30 23:50:32 | 000,000,000 | -HSD | M] -- C:\Programme [2012.01.30 23:59:02 | 000,000,000 | ---D | M] -- C:\RaidTool [2012.01.30 23:50:32 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.03.30 10:02:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.01.31 00:52:16 | 000,000,000 | R--D | M] -- C:\Users [2012.03.14 09:12:52 | 000,000,000 | ---D | M] -- C:\Windows [2012.02.18 15:18:58 | 000,000,000 | ---D | M] -- C:\WindowsESD < %PROGRAMFILES%\*.exe > < 
%LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s >
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- 
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | 
---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys 
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.03.29 12:22:02 | 000,000,188 | ---- | M] () -- C:\Users\Marcus\defogger_reenable [2012.03.30 10:02:02 | 001,835,008 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT [2012.03.30 10:02:02 | 000,262,144 | ---- | M] () -- C:\Users\Marcus\ntuser.dat.LOG1 [2012.01.30 23:50:35 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\ntuser.dat.LOG2 [2012.01.30 23:54:45 | 000,065,536 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.01.30 23:54:45 | 000,524,288 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.01.30 23:54:45 | 000,524,288 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.10.25 12:31:30 | 000,000,020 | -HS- | M] () -- C:\Users\Marcus\ntuser.ini [2012.01.31 00:13:24 | 000,000,538 | ---- | M] () -- C:\Users\Marcus\Patcher.log [2011.05.13 23:40:52 | 000,003,433 | ---- | M] () -- C:\Users\Marcus\unigine_20110513_2340.html < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows 
ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Edited by r|sen_82 (30.03.2012 at 09:16) |
30.03.2012, 10:58 | #4 | |
/// Malware-holic | Computer is being scanned (Chrome "jitters", no action possible) Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
30.03.2012, 11:37 | #5 |
| Computer is being scanned (Chrome "jitters", no action possible) Hmm, how long does that take? Until it has created its log file?? I have now been waiting about 15 min since the restart, still the same message... Okay, it did eventually move on. That thing takes forever.. ^^ What exactly does the program do? "Fix" sounds like "repair"? Here is the log Code:
ATTFilter ComboFix 12-03-30.06 - Marcus 30.03.2012 12:12:32.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8169.5865 [GMT 2:00] ausgeführt von:: c:\users\Marcus\Desktop\ComboFix.exe AV: G Data InternetSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data InternetSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-30 )))))))))))))))))))))))))))))) . . 2012-03-30 10:25 . 2012-03-30 10:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-03-30 10:25 . 2012-03-30 10:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-30 08:01 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38B6B800-3D21-4043-9D35-A8BA66B55B50}\mpengine.dll 2012-03-30 07:58 . 2012-03-30 07:58 -------- d-----w- c:\program files\iPod 2012-03-30 07:58 . 2012-03-30 07:58 -------- d-----w- c:\program files\iTunes 2012-03-30 07:58 . 2012-03-30 07:58 -------- d-----w- c:\program files (x86)\iTunes 2012-03-29 09:26 . 2012-03-29 09:26 -------- d-----w- c:\users\Marcus\AppData\Roaming\Malwarebytes 2012-03-29 09:26 . 2012-03-29 09:26 -------- d-----w- c:\programdata\Malwarebytes 2012-03-29 09:26 . 2012-03-29 09:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-29 09:26 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-14 22:27 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 22:27 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-14 22:27 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 22:24 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 22:24 . 
2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 22:24 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 07:15 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2012-03-14 07:15 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 07:15 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 07:15 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 07:15 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 07:15 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 07:15 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 07:15 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 17:38 . 2012-03-13 17:38 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-03-13 17:38 . 2012-03-13 17:38 -------- d-----w- c:\program files (x86)\Java 2012-03-12 23:16 . 2012-03-12 23:16 -------- d-----w- c:\windows\system32\oodag 2012-03-12 23:14 . 2012-03-12 23:14 -------- d-----w- c:\users\Marcus\AppData\Local\O&O 2012-03-12 21:06 . 2012-03-30 10:26 -------- d-----w- c:\users\Marcus\AppData\Local\ESL Wire Game Client 2012-03-12 21:06 . 2012-01-24 12:50 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe 2012-03-12 21:06 . 2012-01-24 12:50 147472 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys 2012-03-12 21:06 . 2012-03-12 21:06 -------- d-----w- c:\program files\EslWire 2012-03-12 21:06 . 2012-03-12 21:06 -------- d-----w- c:\programdata\ESL Wire 2012-03-12 21:06 . 2012-01-24 12:50 25528 ----a-w- c:\windows\system32\drivers\ESLvnic.sys 2012-03-06 16:42 . 2012-03-06 16:42 -------- d-----w- c:\programdata\LightScribe 2012-03-06 16:42 . 2012-03-06 16:42 -------- d-----w- c:\users\Marcus\AppData\Roaming\Nero 2012-03-06 15:44 . 
2012-03-06 15:46 -------- d-----w- c:\program files (x86)\Common Files\Nero 2012-03-06 15:44 . 2012-03-06 15:50 -------- d-----w- c:\programdata\Nero 2012-03-05 15:44 . 2012-03-05 15:44 -------- d-----w- c:\users\Marcus\AppData\Local\CrashRpt 2012-03-05 13:37 . 2012-03-05 13:37 -------- d-----w- c:\users\Marcus\AppData\Roaming\Canneverbe Limited 2012-03-05 13:37 . 2012-03-05 13:37 -------- d-----w- c:\programdata\Canneverbe Limited 2012-03-05 11:04 . 2012-03-05 11:04 -------- d-----w- c:\program files (x86)\DExUS 2012-02-29 13:57 . 2012-02-29 19:50 -------- d-----w- c:\users\Marcus\AppData\Local\ESN Sonar . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-30 10:00 . 2012-01-31 12:30 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-03-30 10:00 . 2012-01-30 23:15 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-03-30 09:52 . 2012-01-30 23:15 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-03-24 20:06 . 2012-01-30 22:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-13 17:38 . 2012-01-31 08:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-01 00:02 . 2012-02-21 14:10 962368 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-03-01 00:02 . 2012-01-30 22:50 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-03-01 00:02 . 2012-01-30 22:50 1737536 ----a-w- c:\windows\system32\nvdispco64.dll 2012-03-01 00:02 . 2012-01-30 22:50 1466176 ----a-w- c:\windows\system32\nvgenco64.dll 2012-03-01 00:02 . 2011-05-21 05:01 2660160 ----a-w- c:\windows\system32\nvapi64.dll 2012-02-29 21:00 . 2012-01-30 21:58 3089728 ----a-w- c:\windows\system32\nvsvc64.dll 2012-02-29 21:00 . 2012-01-30 21:58 6074176 ----a-w- c:\windows\system32\nvcpl.dll 2012-02-29 20:59 . 2012-01-30 21:58 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-02-29 20:59 . 2012-01-30 21:58 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-02-29 20:59 . 
2012-01-30 21:58 2561856 ----a-w- c:\windows\system32\nvsvcr.dll 2012-02-29 20:59 . 2012-01-30 21:58 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-02-29 20:59 . 2012-02-21 14:11 2515790 ----a-w- c:\windows\system32\nvcoproc.bin 2012-02-23 08:18 . 2012-01-30 22:10 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-15 10:01 . 2012-02-15 10:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-15 07:16 . 2012-01-30 23:15 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-02-04 08:53 . 2012-02-04 08:53 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe 2012-02-03 19:23 . 2012-02-03 19:23 106648 ----a-w- c:\windows\system32\drivers\GRD.sys 2012-02-01 15:50 . 2012-02-01 15:50 53248 ----a-r- c:\users\Marcus\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-02-01 15:50 . 2012-02-01 15:50 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-02-01 09:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-02-01 09:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-01-31 09:51 . 2012-01-31 09:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-01-30 23:26 . 2012-01-30 23:26 564792 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-01-30 23:00 . 2012-01-30 22:38 53112 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2012-01-30 22:59 . 2012-01-30 22:38 65912 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2012-01-30 22:59 . 2012-01-30 22:38 50552 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2012-01-30 22:59 . 2012-01-30 22:38 111992 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2012-01-30 22:38 . 2012-01-30 22:38 59256 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2012-01-30 22:38 . 2012-01-30 22:38 31608 ----a-w- c:\windows\system32\drivers\GdNetMon64.sys 2012-01-30 22:22 . 
2012-01-30 22:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-01-30 22:22 . 2012-01-30 22:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-01-30 22:22 . 2012-01-30 22:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-01-30 22:22 . 2012-01-30 22:22 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-01-30 22:22 . 2012-01-30 22:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-01-30 22:22 . 2012-01-30 22:22 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-01-30 22:22 . 2012-01-30 22:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-01-30 22:22 . 2012-01-30 22:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-01-30 22:22 . 2012-01-30 22:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-01-30 22:22 . 2012-01-30 22:22 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-01-30 22:22 . 2012-01-30 22:22 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-01-30 22:22 . 2012-01-30 22:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-01-30 22:22 . 2012-01-30 22:22 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-01-30 22:22 . 2012-01-30 22:22 448512 ----a-w- c:\windows\system32\html.iec 2012-01-30 22:22 . 2012-01-30 22:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-01-30 22:22 . 2012-01-30 22:22 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-01-30 22:22 . 2012-01-30 22:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-01-30 22:22 . 2012-01-30 22:22 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-01-30 22:22 . 2012-01-30 22:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-01-30 22:22 . 2012-01-30 22:22 222208 ----a-w- c:\windows\system32\msls31.dll 2012-01-30 22:22 . 2012-01-30 22:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-01-30 22:22 . 2012-01-30 22:22 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-01-30 22:22 . 2012-01-30 22:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-01-30 22:22 . 
2012-01-30 22:22 160256 ----a-w- c:\windows\system32\wextract.exe 2012-01-30 22:22 . 2012-01-30 22:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-01-30 22:22 . 2012-01-30 22:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-01-30 22:22 . 2012-01-30 22:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-01-30 22:22 . 2012-01-30 22:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-01-30 22:22 . 2012-01-30 22:22 12288 ----a-w- c:\windows\system32\mshta.exe 2012-01-30 22:22 . 2012-01-30 22:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-01-30 22:22 . 2012-01-30 22:22 114176 ----a-w- c:\windows\system32\admparse.dll 2012-01-30 22:22 . 2012-01-30 22:22 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-01-30 22:22 . 2012-01-30 22:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-01-30 22:22 . 2012-01-30 22:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-01-04 10:44 . 2012-02-15 05:26 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-01-04 08:58 . 2012-02-15 05:26 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-01-03 13:10 . 2012-01-03 13:10 53656 ----a-w- c:\windows\system32\AdobePDF.dll 2012-01-03 13:10 . 2012-01-03 13:10 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "ESL Wire"="c:\program files\EslWire\wire.exe" [2012-02-14 4009472] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440] "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-08-17 1011208] "GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-10-28 1617416] "Acrobat Assistant 8.0"="f:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "NBAgent"="f:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Acrobat Speed Launcher"="f:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-08 136176] R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-08 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport 
Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x] S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x] S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys [x] S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys [x] S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [x] S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [x] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144] S2 asHmComSvc;ASUS HM Com Service;c:\program files 
(x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-10-28 1506824] S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2011-08-17 464392] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2011-10-28 2191808] S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x] S2 GatewayAgentService;O&O Gateway Agent Service;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [2011-03-11 316744] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352] S2 OO DiskImage;OO DiskImage;f:\program files\OO Software\DiskImage\oodiag.exe [2011-10-24 4726608] S2 OODefragAgent;O&O Defrag;f:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-13 2028864] S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2012-01-24 168864] S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection 
Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x] S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x] S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2011-08-10 1556816] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 457536] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-07-07 11856] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-03-04 11:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-08 13:47] . 2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-08 13:47] . 2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85359884-310280431-4005254754-1000Core.job - c:\users\Marcus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 22:42] . 
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85359884-310280431-4005254754-1000UA.job - c:\users\Marcus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 22:42] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon] @="{14A94384-BBED-47ed-86C0-6BF63FD892D0}" [HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}] 2011-10-24 02:16 130384 ----a-w- f:\program files\OO Software\DiskImage\oodishi.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "OODITRAY.EXE"="f:\program files\OO Software\DiskImage\OODITRAY.EXE" [2011-10-24 3089232] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296] "OODefragTray"="f:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - c:\users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System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ontrolSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-03-30 12:48:49 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-03-30 10:48 . Vor Suchlauf: 10 Verzeichnis(se), 76.132.536.320 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 75.667.320.832 Bytes frei . - - End Of File - - BCD4089F7DA5FB08CD1FE9414323DF18 Edited by r|sen_82 (30.03.2012 at 11:52) |
01.04.2012, 11:25 | #6 |
| Hello?? Has this one been forgotten?? |
02.04.2012, 09:37 | #7 |
/// Malware-holic | Open Malwarebytes, go to the log files, and post all reports.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
02.04.2012, 11:50 | #8 |
| Ahhh, so something is coming after all.. You mean the scan reports? Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.29.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcus :: GODLIKE [Administrator]
Schutz: Aktiviert
29.03.2012 12:54:50
mbam-log-2012-03-29 (12-54-50).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402188
Laufzeit: 20 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |
02.04.2012, 17:00 | #9 |
/// Malware-holic | Is that the only one?
|
02.04.2012, 17:46 | #10 |
| I can also offer this: Code:
2012/03/29 11:27:09 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/03/29 11:27:10 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/03/29 11:27:13 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/03/29 11:27:14 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/03/29 12:14:53 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/03/29 12:14:54 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/03/29 12:14:57 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/03/29 12:14:58 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/03/29 12:25:18 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/03/29 12:25:19 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/03/29 12:25:22 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/03/29 12:25:23 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
Code:
2012/03/30 09:48:26 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/03/30 09:48:27 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/03/30 09:48:30 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/03/30 09:48:31 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/03/30 09:54:37 +0200 GODLIKE Marcus MESSAGE Stopping IP protection
2012/03/30 09:55:06 +0200 GODLIKE Marcus MESSAGE IP Protection stopped
2012/03/30 09:57:35 +0200 GODLIKE Marcus MESSAGE Executing scheduled update: Daily
2012/03/30 09:57:43 +0200 GODLIKE Marcus MESSAGE Scheduled update executed successfully: database updated from version v2012.03.29.03 to version v2012.03.30.02
2012/03/30 09:57:43 +0200 GODLIKE Marcus MESSAGE Starting database refresh
2012/03/30 09:57:44 +0200 GODLIKE Marcus MESSAGE Database refreshed successfully
2012/03/30 11:28:24 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/03/30 11:28:25 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/03/30 11:28:28 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/03/30 11:28:29 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/03/30 11:28:44 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 49309, Process: pandoraservice.exe)
2012/03/30 11:32:52 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 49525, Process: pandoraservice.exe)
2012/03/30 11:33:56 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 49534, Process: pandoraservice.exe)
2012/03/30 11:36:04 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 49572, Process: pandoraservice.exe)
2012/03/30 11:39:08 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 49691, Process: pandoraservice.exe)
2012/03/30 11:39:40 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 49692, Process: pandoraservice.exe)
2012/03/30 11:39:40 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 49693, Process: pandoraservice.exe)
2012/03/30 11:40:12 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 49895, Process: pandoraservice.exe)
2012/03/30 11:41:16 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 50216, Process: pandoraservice.exe)
2012/03/30 11:42:20 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 50610, Process: pandoraservice.exe)
2012/03/30 11:44:28 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 50641, Process: pandoraservice.exe)
2012/03/30 11:48:36 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 50701, Process: pandoraservice.exe)
2012/03/30 11:50:45 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 50826, Process: pandoraservice.exe)
2012/03/30 11:52:53 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 50981, Process: pandoraservice.exe)
2012/03/30 11:53:57 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 50989, Process: pandoraservice.exe)
2012/03/30 11:55:01 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 50995, Process: pandoraservice.exe)
2012/03/30 11:56:05 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 51006, Process: pandoraservice.exe)
2012/03/30 11:57:09 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 51011, Process: pandoraservice.exe)
2012/03/30 11:58:13 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 51021, Process: pandoraservice.exe)
2012/03/30 11:59:17 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 51047, Process: pandoraservice.exe)
2012/03/30 12:00:05 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 51112, Process: pandoraservice.exe)
2012/03/30 12:00:05 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 51113, Process: pandoraservice.exe)
2012/03/30 12:00:21 +0200 GODLIKE Marcus IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 51118, Process: pandoraservice.exe)
2012/03/30 12:10:04 +0200 GODLIKE Marcus MESSAGE Stopping IP protection
2012/03/30 12:10:34 +0200 GODLIKE Marcus MESSAGE IP Protection stopped
2012/03/30 12:52:41 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/03/30 12:52:42 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/03/30 12:52:45 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/03/30 12:52:45 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/03/30 18:11:01 +0200 GODLIKE (null) MESSAGE Executing scheduled update: Daily
2012/03/30 18:11:04 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/03/30 18:11:05 +0200 GODLIKE Marcus ERROR Scheduled update failed: I/O error failed with error code 0
2012/03/30 18:11:06 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/03/30 18:11:09 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/03/30 18:11:09 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/03/30 18:24:34 +0200 GODLIKE Marcus MESSAGE Starting database refresh
2012/03/30 18:24:34 +0200 GODLIKE Marcus MESSAGE Stopping IP protection
2012/03/30 18:25:13 +0200 GODLIKE Marcus MESSAGE IP Protection stopped
2012/03/30 18:25:15 +0200 GODLIKE Marcus MESSAGE Database refreshed successfully
2012/03/30 18:25:15 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/03/30 18:25:15 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
Code:
2012/03/31 08:37:53 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/03/31 08:37:54 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/03/31 08:37:57 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/03/31 08:37:58 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/03/31 09:18:22 +0200 GODLIKE Marcus IP-BLOCK 109.163.226.203 (Type: outgoing, Port: 50379, Process: chrome.exe)
2012/03/31 09:18:22 +0200 GODLIKE Marcus IP-BLOCK 109.163.226.203 (Type: outgoing, Port: 50380, Process: chrome.exe)
2012/03/31 09:18:38 +0200 GODLIKE Marcus IP-BLOCK 109.163.226.203 (Type: outgoing, Port: 50382, Process: chrome.exe)
2012/03/31 09:18:38 +0200 GODLIKE Marcus IP-BLOCK 109.163.226.203 (Type: outgoing, Port: 50383, Process: chrome.exe)
2012/03/31 13:30:30 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/03/31 13:30:31 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/03/31 13:30:34 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/03/31 13:30:35 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/03/31 22:06:11 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/03/31 22:06:12 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/03/31 22:06:13 +0200 GODLIKE Marcus MESSAGE Executing scheduled update: Daily
2012/03/31 22:06:15 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/03/31 22:06:16 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/03/31 22:06:22 +0200 GODLIKE Marcus MESSAGE Scheduled update executed successfully: database updated from version v2012.03.30.06 to version v2012.03.31.11
2012/03/31 22:06:22 +0200 GODLIKE Marcus MESSAGE Starting database refresh
2012/03/31 22:06:22 +0200 GODLIKE Marcus MESSAGE Stopping IP protection
2012/03/31 22:06:53 +0200 GODLIKE Marcus MESSAGE IP Protection stopped
2012/03/31 22:06:55 +0200 GODLIKE Marcus MESSAGE Database refreshed successfully
2012/03/31 22:06:55 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/03/31 22:06:55 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
Code:
2012/04/01 12:23:45 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/04/01 12:23:46 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/04/01 12:23:49 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/04/01 12:23:49 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/04/01 15:24:36 +0200 GODLIKE Marcus MESSAGE Executing scheduled update: Daily
2012/04/01 15:24:43 +0200 GODLIKE Marcus MESSAGE Scheduled update executed successfully: database updated from version v2012.03.31.11 to version v2012.04.01.01
2012/04/01 15:24:43 +0200 GODLIKE Marcus MESSAGE Starting database refresh
2012/04/01 15:24:43 +0200 GODLIKE Marcus MESSAGE Stopping IP protection
2012/04/01 15:25:27 +0200 GODLIKE Marcus MESSAGE IP Protection stopped
2012/04/01 15:25:29 +0200 GODLIKE Marcus MESSAGE Database refreshed successfully
2012/04/01 15:25:29 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/04/01 15:25:29 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/04/01 18:39:01 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/04/01 18:39:03 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/04/01 18:39:06 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/04/01 18:39:06 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
Code:
2012/04/02 07:38:00 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/04/02 07:38:01 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/04/02 07:38:04 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/04/02 07:38:04 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/04/02 12:44:52 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/04/02 12:44:53 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/04/02 12:44:56 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/04/02 12:44:57 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/04/02 12:45:14 +0200 GODLIKE Marcus MESSAGE Starting database refresh
2012/04/02 12:45:14 +0200 GODLIKE Marcus MESSAGE Stopping IP protection
2012/04/02 12:45:44 +0200 GODLIKE Marcus MESSAGE IP Protection stopped
2012/04/02 12:45:45 +0200 GODLIKE Marcus MESSAGE Database refreshed successfully
2012/04/02 12:45:45 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/04/02 12:45:45 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully
2012/04/02 15:10:24 +0200 GODLIKE Marcus MESSAGE Executing scheduled update: Daily
2012/04/02 15:10:25 +0200 GODLIKE Marcus MESSAGE Database already up-to-date
2012/04/02 18:40:47 +0200 GODLIKE Marcus MESSAGE Starting protection
2012/04/02 18:40:48 +0200 GODLIKE Marcus MESSAGE Protection started successfully
2012/04/02 18:40:51 +0200 GODLIKE Marcus MESSAGE Starting IP protection
2012/04/02 18:40:52 +0200 GODLIKE Marcus MESSAGE IP Protection started successfully |
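Added example, not part of the thread and not Malwarebytes code: a small Python triage script for protection-log text in the layout posted above. It groups IP-BLOCK entries by process and destination and reports how often and at what interval they repeat. The field layout is inferred from the posted lines; the sample log, host, user, process names and addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Field layout inferred from the posted log lines (an assumption, not a spec):
# <date> <time> <utc-offset> <host> <user> <KIND> <detail>
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}"
ENTRY_START = re.compile(r"\s+(?=" + TS + r"\s)")
LINE_RE = re.compile(
    r"^(?P<ts>" + TS + r")\s+(?P<host>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<kind>[A-Z-]+)\s+(?P<detail>.*)$"
)
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def split_entries(blob):
    """One entry per timestamp, even when the line breaks were lost in a paste."""
    return [e.strip() for e in ENTRY_START.split(blob.strip()) if e.strip()]


def parse_entry(entry):
    """Return a dict for a well-formed entry, or None if it cannot be parsed."""
    m = LINE_RE.match(entry)
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec.pop("ts"), "%Y/%m/%d %H:%M:%S %z")
    if rec["kind"] == "IP-BLOCK":
        b = BLOCK_RE.match(rec["detail"])
        if not b:  # truncated or altered IP-BLOCK detail
            return None
        rec.update(b.groupdict())
        rec["port"] = int(rec["port"])
    return rec


def summarise_blocks(blob):
    """Group IP-BLOCK entries by (process, ip, direction); count malformed entries."""
    groups = defaultdict(list)
    malformed = 0
    for entry in split_entries(blob):
        rec = parse_entry(entry)
        if rec is None:
            malformed += 1
        elif rec["kind"] == "IP-BLOCK":
            key = (rec["process"].lower(), rec["ip"], rec["direction"])
            groups[key].append(rec)
    summary = {}
    for key, recs in groups.items():
        times = sorted(r["when"] for r in recs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        summary[key] = {
            "count": len(recs),
            "first": times[0],
            "last": times[-1],
            # A steady gap means one program retrying on a timer.
            "median_gap_s": median(gaps) if gaps else None,
            "users": sorted({r["user"] for r in recs}),
        }
    return summary, malformed


# Constructed sample, joined with spaces to mimic a paste that lost its line breaks.
BLK = "2012/03/30 {} +0200 HOSTA alice IP-BLOCK {} (Type: outgoing, Port: {}, Process: {})"
SAMPLE = " ".join([
    "2012/03/30 11:28:28 +0200 HOSTA alice MESSAGE Starting IP protection",
    "2012/03/30 11:28:29 +0200 HOSTA alice MESSAGE IP Protection started successfully",
    BLK.format("11:28:44", "192.0.2.10", 49309, "updater.exe"),
    BLK.format("11:29:48", "192.0.2.10", 49310, "updater.exe"),
    "2012/03/30 11:30:00 +0200 HOSTA alice IP-BLOCK 192.0.2.10 (Type: outgoing,",  # truncated
    BLK.format("11:30:52", "192.0.2.10", 49311, "updater.exe"),
    BLK.format("11:33:00", "192.0.2.10", 49312, "updater.exe"),
    BLK.format("12:00:05", "198.51.100.7", 51112, "Browser.exe"),
    BLK.format("12:00:05", "198.51.100.7", 51113, "browser.exe"),
    BLK.format("12:00:21", "198.51.100.7", 51118, "browser.exe"),
    "2012/03/30 18:11:01 +0200 HOSTA (null) MESSAGE Executing scheduled update: Daily",
])

if __name__ == "__main__":
    result, bad = summarise_blocks(SAMPLE)
    for (process, ip, direction), info in sorted(result.items()):
        print(process, ip, direction, info["count"], info["median_gap_s"])
    print("malformed entries:", bad)
```

A block entry only records that the IP filter refused a connection; which program made it and how regularly it retried is the context needed to judge it.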
02.04.2012, 20:07 | #11 |
/// Malware-holic | Well, that all looks fine. Has the problem occurred again?
|
03.04.2012, 07:05 | #12 |
| Strangely enough, not since then... No idea what was going on there, or why it happened in the first place. In any case, thank you very much for your help! |
03.04.2012, 11:17 | #13 |
/// Malware-holic | I want to check one more thing: download CCleaner Standard: CCleaner Download - CCleaner 3.17.1689. If CCleaner is already installed, skip this. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. After every program you need, write "necessary" (notwendig). After every one you do not need, "unnecessary" (unnötig). After every one you do not know, "unknown" (unbekannt). Post the list.
|
04.04.2012, 05:56 | #14 |
| Yes sir, here is the list as requested: Code:
Acrobat X Suite Adobe Systems Incorporated 30.01.2012 3.537MB 1.0
Adobe Acrobat X Pro - English, Français, Deutsch Adobe Systems 12.02.2012 2.758MB 10.1.2
Adobe AIR Adobe Systems Inc. 30.01.2012 1.5.3.9130
Adobe Captivate Quiz Results Analyzer Adobe Systems Incorporated 30.01.2012 1.0
Adobe Captivate Reviewer Adobe Systems Incorporated 30.01.2012 2.0
Adobe Community Help Adobe Systems Incorporated 30.01.2012 3.0.0.400
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 23.03.2012 6,00MB 11.1.102.63
Adobe Media Player Adobe Systems Incorporated 30.01.2012 1.8
ADOBE is necessary, I think....
AI Suite II ASUSTeK 30.01.2012 1.01.13 necessary
Apple Application Support Apple Inc. 08.03.2012 61,0MB 2.1.7
Apple Mobile Device Support Apple Inc. 08.03.2012 24,9MB 5.1.1.4
Apple Software Update Apple Inc. 31.01.2012 2,38MB 2.1.3.127
belongs to the iPhone / iTunes
Battlefield 3™ Electronic Arts 30.01.2012 1.0.0.0 very necessary ;)
Battlefield: Bad Company™ 2 Electronic Arts 03.02.2012 8.540MB 1.0.0.0 necessary
Battlelog Web Plugins EA Digital Illusions CE AB 26.03.2012 1.118.0 necessary
Bonjour Apple Inc. 31.01.2012 2,00MB 3.0.0.10 also Apple, also necessary, right?
Browser Configuration Utility DeviceVM Inc. 29.01.2012 3,14MB 1.0.10.0 no idea, I don't know it. maybe unnecessary?
Call of Duty: Modern Warfare 2 Infinity Ward 02.02.2012 known & necessary
Call of Duty: Modern Warfare 2 - Multiplayer Infinity Ward 02.02.2012 necessary
Call of Duty: Modern Warfare 3 Infinity Ward - Sledgehammer Games 01.02.2012 necessary
Call of Duty: Modern Warfare 3 - Multiplayer Infinity Ward - Sledgehammer Games 01.02.2012 necessary
CCleaner Piriform 03.04.2012 3.17 necessary
DAEMON Tools Lite DT Soft Ltd 30.01.2012 4.45.2.0287 needed occasionally
Driver Genius Professional Edition Driver-Soft Inc. 31.01.2012 16,1MB 11.0 unnecessary
ESL Wire 1.11.1 Turtle Entertainment GmbH 11.03.2012 60,8MB necessary
ESN Sonar ESN Social Software AB 12.03.2012 0.70.4 necessary
Free YouTube to MP3 Converter version 3.10.15.1228 DVDVideoSoft Ltd. 12.02.2012 85,6MB necessary
FxVisor Frameworkx 30.01.2012 0,40MB 1.3.0 necessary
G Data InternetSecurity 2012 G Data Software AG 29.01.2012 85,5MB 22.0.0.0 necessary
Google Chrome Google Inc. 29.01.2012 18.0.1025.142 necessary
Google Earth Plug-in Google 07.02.2012 48,7MB 6.2.1.6014 unnecessary
Homefront THQ 02.02.2012 unnecessary
iCloud Apple Inc. 08.03.2012 33,2MB 1.1.0.40 necessary
Intel(R) Management Engine Components Intel Corporation 30.01.2012 8.0.0.1351 necessary
Intel(R) Network Connections 16.5.2.0 Intel 29.01.2012 15,1MB 16.5.2.0 necessary
Intel(R) Rapid Storage Technology Intel Corporation 30.01.2012 10.5.0.1026 necessary
iTunes Apple Inc. 29.03.2012 156,9MB 10.6.1.7 necessary
Java(TM) 6 Update 31 Oracle 12.03.2012 95,1MB 6.0.310 necessary
JDownloader 0.9 AppWork GmbH 30.01.2012 0.9 necessary
JMicron JMB36X Driver JMicron Technology Corp. 31.01.2012 1.17.63.1 necessary
Kalender-Excel-8.8 MSDatec 31.01.2012 2,52MB 8.8 unnecessary
LightScribe System Software LightScribe 30.01.2012 25,2MB 1.18.22.2 unnecessary
Logitech SetPoint 6.32 Logitech 31.01.2012 39,1MB 6.32.20 necessary
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 28.03.2012 17,4MB 1.60.1.1000 necessary, right?
marvell 91xx driver Marvell 31.01.2012 1.2.0.1016 necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 30.01.2012 38,8MB 4.0.30319 necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 30.01.2012 2,94MB 4.0.30319 necessary
Microsoft Office Professional Plus 2010 Microsoft Corporation 30.01.2012 14.0.6029.1000 necessary
Microsoft Silverlight Microsoft Corporation 15.02.2012 40,5MB 4.1.10111.0 necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 31.01.2012 0,29MB 8.0.59193 necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 31.01.2012 0,76MB 9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 11.03.2012 0,23MB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 01.02.2012 0,77MB 9.0.30729.6161 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 09.03.2012 0,22MB 9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 30.01.2012 0,58MB 9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 30.01.2012 0,57MB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 31.01.2012 0,59MB 9.0.30729.6161 necessary
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 31.01.2012 13,8MB 10.0.40219 necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 31.01.2012 12,3MB 10.0.40219 necessary
Nero 11 Nero AG 05.03.2012 2.550MB 11.0.15800 necessary
Nero Backup Drivers Nero AG 30.01.2012 94,00KB 1.0.10000.1.0 necessary
NVIDIA Grafiktreiber 296.10 NVIDIA Corporation 12.03.2012 296.10 necessary
NVIDIA PhysX NVIDIA Corporation 09.03.2012 90,5MB 9.12.0213 necessary
NVIDIA Update 1.7.11 NVIDIA Corporation 12.03.2012 1.7.11 necessary
O&O Defrag Server O&O Software GmbH 12.03.2012 52,5MB 15.0.107 necessary, right?
O&O DiskImage Server O&O Software GmbH 30.01.2012 53,4MB 6.0.422 necessary
Origin Electronic Arts, Inc. 29.02.2012 8.5.0.4550 necessary
PunkBuster Services Even Balance, Inc. 13.02.2012 0.991 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 31.01.2012 6.0.1.6526 necessary
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 31.01.2012 1,13MB 2.1.28.1 necessary
SHIFT 2 UNLEASHED™ Electronic Arts 03.02.2012 29,5MB 1.0.0.0 unnecessary
Steam Valve Corporation 01.02.2012 35,5MB 1.0.0.0 necessary
System Requirements Lab CYRI Husdawg, LLC 31.01.2012 0,45MB 4.5.1.0 unknown
TeamSpeak 3 Client TeamSpeak Systems GmbH 30.01.2012 necessary
TeamViewer 7 TeamViewer 23.02.2012 7.0.12799 necessary
The KMPlayer (remove only) 01.02.2012 necessary
Total War: SHOGUN 2 The Creative Assembly 02.02.2012 unnecessary
TuneUp Utilities 2011 TuneUp Software 30.01.2012 10.0.4600.4 necessary
Universal AntiCheat 3 v1.063 DExUS 04.03.2012 8,50MB necessary
Warhammer® 40,000®: Dawn of War® II – Retribution™ Relic 02.02.2012 unnecessary
WinRAR 4.10 (64-Bit) win.rar GmbH 30.01.2012 4.10.0 necessary
Regards |
04.04.2012, 12:25 | #15 |
/// Malware-holic | Uninstall:
Driver Genius
G Data: the current version is 2013; go to the homepage and get the upgrade, it should be free.
Uninstall:
Google Earth
Homefront
Kalender
LightScribe
SHIFT
OO Defrag: not needed, Windows can do this itself
Total War:
TuneUp: do without such nonsense, it achieves little and can harm the system.
Warhammer®
Open OTL, clean up, restart.
Open CCleaner, analyse, clean, restart.
Test how the system runs.
|