Trojaner-Board


r|sen_82 29.03.2012 11:39

Computer is being scanned (Chrome "jitters", no action possible)
 
Hi everyone, I have now found my way to you as well and hope you can help me.

For a few days now it has been happening that my computer gets "scanned". In Chrome, for example, I can no longer enter anything; it looks as if someone were hammering on F5 the whole time, no site loads anymore, and I basically can't do anything. This lasts about a minute, then it's okay again. My GData Internet Security 2012 then reports that my computer was scanned, but beyond that it offers no further leads.

I had a look: my Windows Firewall is always deactivated, but I think that's because of GData, right?

I have already run a complete scan with GData, nothing reported.

I have already read about DDS etc. in other threads; here are the log files from it...:

Code:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Marcus at 12:25:35 on 2012-03-29
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8169.5791 [GMT 2:00]
.
AV: G Data InternetSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
SP: G Data InternetSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe
C:\Windows\system32\IProsetMonitor.exe
F:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Windows\System32\vds.exe
C:\Program Files\Common Files\WireHelpSvc.exe
F:\Program Files\OO Software\DiskImage\oodiag.exe
C:\Windows\System32\vdsldr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
F:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\EslWire\wire.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
F:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\EslWire\inGame32.exe
C:\Program Files\EslWire\dbus-daemon.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe,
BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AVKWebIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: G Data BankGuard: {ba3295cf-17ed-4f49-9e95-d999a0adbfdc} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AVKWebIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray
uRun: [Google Update] "C:\Users\Marcus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"                                                                                                                                                                                                 
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [NBAgent] "F:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AEB42126-F0AD-4072-B865-C5DF95C8A711} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
IFEO: LightScribeControlPanel.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: lslauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
{0124123D-61B4-456f-AF86-78C53A0790C5}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{AE7CD045-E861-484f-8273-0445EE161910}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{0124123D-61B4-456f-AF86-78C53A0790C5}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [BCU    REG_SZ    "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"                                                                                                                                                                                          ]
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
mRun-x64: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
mRun-x64: [(Standard)]
mRun-x64: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [NBAgent] "F:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
IFEO-X64: LightScribeControlPanel.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: lslauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;C:\Windows\system32\drivers\GDBehave.sys --> C:\Windows\system32\drivers\GDBehave.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R0 oodisr;O&O DiskImage Snapshot/Restore Driver;C:\Windows\system32\DRIVERS\oodisr.sys --> C:\Windows\system32\DRIVERS\oodisr.sys [?]
R0 oodisrh;oodisrh;C:\Windows\system32\DRIVERS\oodisrh.sys --> C:\Windows\system32\DRIVERS\oodisrh.sys [?]
R0 oodivd;O&O DiskImage Virtual Devices Driver;C:\Windows\system32\DRIVERS\oodivd.sys --> C:\Windows\system32\DRIVERS\oodivd.sys [?]
R0 oodivdh;oodivdh;C:\Windows\system32\DRIVERS\oodivdh.sys --> C:\Windows\system32\DRIVERS\oodivdh.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 GDMnIcpt;GDMnIcpt;\??\C:\Windows\system32\drivers\MiniIcpt.sys --> C:\Windows\system32\drivers\MiniIcpt.sys [?]
R1 gdwfpcd;G Data WFP CD;C:\Windows\system32\drivers\gdwfpcd64.sys --> C:\Windows\system32\drivers\gdwfpcd64.sys [?]
R1 GRD;G Data Rootkit Detector Driver;\??\C:\Windows\system32\drivers\GRD.sys --> C:\Windows\system32\drivers\GRD.sys [?]
R1 HookCentre;HookCentre;\??\C:\Windows\system32\drivers\HookCentre.sys --> C:\Windows\system32\drivers\HookCentre.sys [?]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2012-1-31 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2012-1-31 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-1-31 586880]
R2 AVKProxy;G Data AntiVirus Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-1-31 1506824]
R2 AVKService;G Data Scheduler;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2011-8-17 464392]
R2 AVKWCtl;G Data Dateisystem Wächter;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2012-1-31 2191808]
R2 ESLWireAC;ESLWireAC;\??\C:\Windows\system32\drivers\ESLWireACD.sys --> C:\Windows\system32\drivers\ESLWireACD.sys [?]
R2 GatewayAgentService;O&O Gateway Agent Service;C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [2011-3-11 316744]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-31 13592]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-29 652360]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-1-31 2348352]
R2 OO DiskImage;OO DiskImage;F:\Program Files\OO Software\DiskImage\oodiag.exe [2011-10-24 4726608]
R2 OODefragAgent;O&O Defrag;F:\Program Files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-2-2 1867480]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-13 2028864]
R2 WireHelpSvc;WireHelpSvc;C:\Program Files\Common Files\WireHelpSvc.exe [2012-3-12 168864]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;C:\Windows\system32\DRIVERS\ESLvnic.sys --> C:\Windows\system32\DRIVERS\ESLvnic.sys [?]
R3 GDFwSvc;G Data Personal Firewall;C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2011-8-10 1556816]
R3 GDPkIcpt;GDPkIcpt;\??\C:\Windows\system32\drivers\PktIcpt.sys --> C:\Windows\system32\drivers\PktIcpt.sys [?]
R3 GDScan;G Data Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-1-31 457536]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-7-7 11856]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-8 136176]
S3 GdNetMon;G Data Network Monitor;\??\C:\Windows\system32\drivers\GdNetMon64.sys --> C:\Windows\system32\drivers\GdNetMon64.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-8 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
.
=============== Created Last 30 ================
.
2012-03-29 09:26:34        --------        d-----w-        C:\Users\Marcus\AppData\Roaming\Malwarebytes
2012-03-29 09:26:31        --------        d-----w-        C:\ProgramData\Malwarebytes
2012-03-29 09:26:30        23152        ----a-w-        C:\Windows\System32\drivers\mbam.sys
2012-03-29 09:26:30        --------        d-----w-        C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-27 12:59:17        8669240        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2F18419E-EA9B-499C-8BC8-9C42901068F3}\mpengine.dll
2012-03-14 22:27:20        5559152        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2012-03-14 22:27:20        3968368        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 22:27:19        3913584        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 22:24:55        3145728        ----a-w-        C:\Windows\System32\win32k.sys
2012-03-14 22:24:55        1544192        ----a-w-        C:\Windows\System32\DWrite.dll
2012-03-14 22:24:55        1077248        ----a-w-        C:\Windows\SysWow64\DWrite.dll
2012-03-14 07:15:29        9216        ----a-w-        C:\Windows\System32\rdrmemptylst.exe
2012-03-14 07:15:29        826880        ----a-w-        C:\Windows\SysWow64\rdpcore.dll
2012-03-14 07:15:29        77312        ----a-w-        C:\Windows\System32\rdpwsx.dll
2012-03-14 07:15:29        23552        ----a-w-        C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 07:15:29        210944        ----a-w-        C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 07:15:29        149504        ----a-w-        C:\Windows\System32\rdpcorekmts.dll
2012-03-14 07:15:29        1112064        ----a-w-        C:\Windows\System32\rdpcorets.dll
2012-03-14 07:15:29        1031680        ----a-w-        C:\Windows\System32\rdpcore.dll
2012-03-12 23:16:39        --------        d-----w-        C:\Windows\System32\oodag
2012-03-12 23:14:38        --------        d-----w-        C:\Users\Marcus\AppData\Local\O&O
2012-03-12 21:06:41        --------        d-----w-        C:\Users\Marcus\AppData\Local\ESL Wire Game Client
2012-03-12 21:06:19        168864        ----a-w-        C:\Program Files\Common Files\WireHelpSvc.exe
2012-03-12 21:06:16        147472        ----a-w-        C:\Windows\System32\drivers\ESLWireACD.sys
2012-03-12 21:06:12        25528        ----a-w-        C:\Windows\System32\drivers\ESLvnic.sys
2012-03-12 21:06:12        --------        d-----w-        C:\ProgramData\ESL Wire
2012-03-12 21:06:12        --------        d-----w-        C:\Program Files\EslWire
2012-03-09 07:49:16        --------        d-----w-        C:\Program Files\iPod
2012-03-09 07:49:15        --------        d-----w-        C:\Program Files\iTunes
2012-03-09 07:49:15        --------        d-----w-        C:\Program Files (x86)\iTunes
2012-03-06 16:42:33        --------        d-----w-        C:\ProgramData\LightScribe
2012-03-06 15:44:51        --------        d-----w-        C:\ProgramData\Nero
2012-03-05 15:44:20        --------        d-----w-        C:\Users\Marcus\AppData\Local\CrashRpt
2012-03-05 13:37:08        --------        d-----w-        C:\Users\Marcus\AppData\Roaming\Canneverbe Limited
2012-03-05 13:37:08        --------        d-----w-        C:\ProgramData\Canneverbe Limited
2012-03-05 11:04:20        --------        d-----w-        C:\Program Files (x86)\DExUS
2012-02-29 13:57:11        --------        d-----w-        C:\Users\Marcus\AppData\Local\ESN Sonar
2012-02-29 07:31:49        --------        d-----w-        C:\Users\Marcus\AppData\Roaming\PlayClaw3
2012-02-29 07:26:56        --------        d-----w-        C:\Users\Marcus\AppData\Roaming\Sytexis Software
2012-02-29 07:26:07        --------        d-----w-        C:\Program Files (x86)\Sytexis Software
.
==================== Find3M  ====================
.
2012-03-29 07:38:06        595319        ----a-w-        C:\Windows\SysWow64\sig.bin
2012-03-28 18:12:01        282864        ----a-w-        C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-28 18:12:01        282864        ----a-w-        C:\Windows\SysWow64\PnkBstrB.exe
2012-03-28 17:50:03        282864        ----a-w-        C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-24 20:06:55        414368        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-13 17:38:01        472808        ----a-w-        C:\Windows\SysWow64\deployJava1.dll
2012-02-29 21:00:22        3089728        ----a-w-        C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09        6074176        ----a-w-        C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47        889664        ----a-w-        C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47        63296        ----a-w-        C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47        2561856        ----a-w-        C:\Windows\System32\nvsvcr.dll
2012-02-29 20:59:47        118080        ----a-w-        C:\Windows\System32\nvmctray.dll
2012-02-29 20:59:29        2515790        ----a-w-        C:\Windows\System32\nvcoproc.bin
2012-02-23 08:18:36        279656        ------w-        C:\Windows\System32\MpSigStub.exe
2012-02-15 10:01:50        52736        ----a-w-        C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 10:01:50        4547944        ----a-w-        C:\Windows\System32\usbaaplrc.dll
2012-02-15 07:16:46        76888        ----a-w-        C:\Windows\SysWow64\PnkBstrA.exe
2012-02-04 08:53:08        2434856        ----a-w-        C:\Windows\SysWow64\pbsvc_bc2.exe
2012-02-03 19:23:24        106648        ----a-w-        C:\Windows\System32\drivers\GRD.sys
2012-02-01 15:50:21        18960        ----a-w-        C:\Windows\System32\drivers\LNonPnP.sys
2012-02-01 09:06:01        175616        ----a-w-        C:\Windows\System32\msclmd.dll
2012-02-01 09:06:01        152576        ----a-w-        C:\Windows\SysWow64\msclmd.dll
2012-01-31 09:51:10        283200        ----a-w-        C:\Windows\System32\drivers\dtsoftbus01.sys
2012-01-30 23:26:16        564792        ----a-w-        C:\Windows\System32\drivers\sptd.sys
2012-01-30 23:00:00        53112        ----a-w-        C:\Windows\System32\drivers\HookCentre.sys
2012-01-30 22:59:58        65912        ----a-w-        C:\Windows\System32\drivers\gdwfpcd64.sys
2012-01-30 22:59:58        50552        ----a-w-        C:\Windows\System32\drivers\GDBehave.sys
2012-01-30 22:59:58        111992        ----a-w-        C:\Windows\System32\drivers\MiniIcpt.sys
2012-01-30 22:38:39        59256        ----a-w-        C:\Windows\System32\drivers\PktIcpt.sys
2012-01-30 22:38:24        31608        ----a-w-        C:\Windows\System32\drivers\GdNetMon64.sys
2012-01-04 10:44:20        509952        ----a-w-        C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41        442880        ----a-w-        C:\Windows\SysWow64\ntshrui.dll
2012-01-03 13:10:52        53656        ----a-w-        C:\Windows\System32\AdobePDF.dll
2012-01-03 13:10:48        24984        ----a-w-        C:\Windows\System32\AdobePDFUI.dll
.
============= FINISH: 12:25:51,53 ===============

and the Attach log file:

Code:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 30.01.2012 22:50:33
System Uptime: 29.03.2012 12:22:42 (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | SABERTOOTH P67
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 168 GiB total, 70,686 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1808,842 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 1863 GiB total, 1063,591 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP54: 13.03.2012 18:37:46 - Installed Java(TM) 6 Update 31
RP55: 14.03.2012 17:35:06 - Windows Update
RP56: 14.03.2012 23:26:08 - Windows Update
RP57: 19.03.2012 08:01:32 - Removed Battlefield 1942 Secret Weapons of WWII Demo
RP58: 20.03.2012 08:53:42 - Windows Update
RP59: 23.03.2012 09:59:06 - Windows Update
RP60: 27.03.2012 14:59:12 - Windows Update
.
==== Installed Programs ======================
.
Acrobat X Suite
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Captivate Quiz Results Analyzer
Adobe Captivate Reviewer
Adobe Community Help
Adobe Media Player
AI Suite II
Apple Application Support
Apple Software Update
Battlefield 3™
Battlefield: Bad Company™ 2
Battlelog Web Plugins
Browser Configuration Utility
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
DAEMON Tools Lite
Driver Genius Professional Edition
eReg
ESN Sonar
Free YouTube to MP3 Converter version 3.10.15.1228
FxVisor
G Data InternetSecurity 2012
Google Chrome
Google Earth Plug-in
Google Update Helper
High-Definition Video Playback
Homefront
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 31
JDownloader 0.9
JMicron JMB36X Driver
Kalender-Excel-8.8
LightScribe System Software
Malwarebytes Anti-Malware Version 1.60.1.1000
marvell 91xx driver
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Nero 11
Nero 11 Cliparts
Nero 11 Disc Menus 1
Nero 11 Disc Menus 2
Nero 11 Disc Menus 3
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes 1
Nero 11 Kwik Themes 2
Nero 11 Kwik Themes 3
Nero 11 Kwik Themes 4
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects 1
Nero 11 PiP Effects Basic
Nero 11 Video Samples
Nero 11 Video Transitions 1
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
NVIDIA PhysX
Origin
Pandora Service
PDF Settings CS5
PunkBuster Services
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
SHIFT 2 UNLEASHED™
Steam
System Requirements Lab CYRI
TeamSpeak 3 Client
TeamViewer 7
The KMPlayer (remove only)
Total War: SHOGUN 2
TuneUp Utilities 2011
TuneUp Utilities Language Pack (de-DE)
Universal AntiCheat 3 v1.063
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Warhammer® 40,000®: Dawn of War® II – Retribution™
welcome
.
==== End Of File ===========================

Did I do this correctly? What is still missing?


Thanks in advance for your help!!

markusg 29.03.2012 16:07

hi
If you don't already have it, please download OTL by OldTimer and save it to your desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Please close all programs now. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

r|sen_82 30.03.2012 08:54

Here is the result of the OTL scan:

Code:

OTL logfile created on: 30.03.2012 10:00:55 - Run 3
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Marcus\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,88 Gb Available Physical Memory | 73,68% Memory free
15,95 Gb Paging File | 13,39 Gb Available in Paging File | 83,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 167,58 Gb Total Space | 71,34 Gb Free Space | 42,57% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1808,84 Gb Free Space | 97,09% Space Free | Partition Type: NTFS
Drive F: | 1863,02 Gb Total Space | 1063,59 Gb Free Space | 57,09% Space Free | Partition Type: NTFS
 
Computer Name: GODLIKE | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.29 11:24:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.15 09:16:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.02.03 09:06:00 | 001,867,480 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012.01.24 14:50:38 | 000,024,480 | ---- | M] () -- C:\Programme\EslWire\inGame32.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- F:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.10.28 15:36:53 | 001,506,824 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2011.10.28 15:36:43 | 001,617,416 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2011.10.28 15:36:11 | 000,457,536 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.09.16 15:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.08.17 16:00:02 | 001,011,208 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2011.08.17 16:00:02 | 000,464,392 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.04.30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 01:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.02 11:37:22 | 001,425,536 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2010.12.02 11:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
PRC - [2010.11.26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010.11.03 18:30:14 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2010.10.21 18:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010.10.12 17:39:50 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
PRC - [2010.09.24 22:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.16 09:35:33 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\052deceb97582fe7bd7eefd13e0c590c\IAStorUtil.ni.dll
MOD - [2012.02.16 08:55:54 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012.02.16 08:55:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.16 08:55:36 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.16 08:55:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.16 08:55:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.16 08:55:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.16 08:55:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.02.16 08:55:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.01 19:25:34 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33cecc66284ef59208b639ec72b0f565\IAStorCommon.ni.dll
MOD - [2012.02.01 14:28:29 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012.01.24 16:00:18 | 000,165,888 | ---- | M] () -- C:\Programme\EslWire\NocIPC32.dll
MOD - [2012.01.24 14:50:38 | 000,447,904 | ---- | M] () -- C:\Programme\EslWire\inGame32.dll
MOD - [2012.01.24 14:50:38 | 000,024,480 | ---- | M] () -- C:\Programme\EslWire\inGame32.exe
MOD - [2012.01.03 15:10:54 | 000,019,968 | ---- | M] () -- F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.12.02 18:28:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2010.11.30 14:13:04 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dll
MOD - [2010.11.19 11:55:00 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2010.11.19 11:53:34 | 000,963,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 19:30:16 | 001,245,184 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2010.10.15 18:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
MOD - [2010.09.27 21:51:16 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2010.09.27 21:51:12 | 000,881,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2010.08.23 11:17:40 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll
MOD - [2010.08.06 19:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2010.08.06 19:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2010.06.21 16:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
MOD - [2010.06.21 16:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2009.08.12 21:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.13 10:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.06.29 11:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.15 09:16:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.02.03 09:06:00 | 001,867,480 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012.02.02 12:33:02 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.13 10:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.11.17 19:20:58 | 003,273,552 | ---- | M] (O&O Software GmbH) [Auto | Running] -- F:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2011.10.28 15:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011.10.28 15:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.10.28 03:41:08 | 002,191,808 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2011.10.24 04:16:16 | 004,726,608 | ---- | M] (O&O Software GmbH) [Auto | Running] -- F:\Program Files\OO Software\DiskImage\oodiag.exe -- (OO DiskImage)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011.08.17 16:00:02 | 000,464,392 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.08.10 15:21:12 | 001,556,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2011.04.30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.03.11 16:12:42 | 000,316,744 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe -- (GatewayAgentService)
SRV - [2010.12.02 11:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010.11.03 18:30:14 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2010.10.21 18:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.02.03 21:23:24 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.01.31 11:51:10 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.01.31 01:00:00 | 000,053,112 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.01.31 00:59:58 | 000,111,992 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.01.31 00:59:58 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.01.31 00:59:58 | 000,050,552 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.01.31 00:38:39 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.01.31 00:38:24 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.10.25 10:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.10.25 10:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.10.24 04:16:56 | 000,259,312 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oodivd.sys -- (oodivd)
DRV:64bit: - [2011.10.24 04:16:56 | 000,044,272 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\oodivdh.sys -- (oodivdh)
DRV:64bit: - [2011.10.24 04:16:56 | 000,040,688 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\oodisrh.sys -- (oodisrh)
DRV:64bit: - [2011.10.24 04:16:54 | 000,118,000 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oodisr.sys -- (oodisr)
DRV:64bit: - [2011.10.12 08:33:42 | 000,316,208 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.07.20 10:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011.07.13 14:59:54 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.07.13 14:59:54 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.05.19 16:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011.04.26 12:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.08.27 19:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.07.07 16:46:56 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 1B 80 CE E9 09 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {9D8B8ECF-63A5-4032-9A19-3E7924445928}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1FDDE6D1-95C6-4a8e-896E-05057F565AB5}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{9D8B8ECF-63A5-4032-9A19-3E7924445928}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marcus\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marcus\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.02.13 11:01:35 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: FlashBlock = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.10_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Better Battlelog (BBLog) = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\1.5_0\
CHR - Extension: Donna Karan = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijgnliiiplghalknhobbcngpcngaoji\3_0\
CHR - Extension: Battlelog = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhdecopbclicngfcdmhinokemjlmcihf\0.1_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Google Mail = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AVKWebIEx64.dll (G Data Software AG)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AVKWebIEx64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AVKWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [OODefragTray] F:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [OODITRAY.EXE] F:\Program Files\OO Software\DiskImage\ooditray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] F:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEB42126-F0AD-4072-B865-C5DF95C8A711}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\LightScribeControlPanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\LightScribeControlPanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d1e490b8-4b8b-11e1-a5ae-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d1e490b8-4b8b-11e1-a5ae-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.30 09:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.30 09:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.30 09:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.30 09:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.03.29 12:21:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Marcus\Desktop\dds.com
[2012.03.29 11:26:34 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes
[2012.03.29 11:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.29 11:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.29 11:26:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.29 11:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.29 11:24:27 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2012.03.13 21:10:35 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.13 21:10:35 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.03.13 19:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.13 19:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.03.13 01:16:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag
[2012.03.13 01:14:38 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\O&O
[2012.03.12 23:06:41 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\ESL Wire Game Client
[2012.03.12 23:06:16 | 000,147,472 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2012.03.12 23:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
[2012.03.12 23:06:12 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys
[2012.03.12 23:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2012.03.12 23:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire
[2012.03.06 18:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2012.03.06 18:42:08 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Nero
[2012.03.06 17:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.03.06 17:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.03.06 17:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.03.05 17:44:20 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\CrashRpt
[2012.03.05 17:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outerra
[2012.03.05 15:37:08 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Canneverbe Limited
[2012.03.05 15:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.03.05 13:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Anticheat 3
[2012.03.05 13:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DExUS
[2012.02.29 15:57:11 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\ESN Sonar
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.30 09:58:50 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.30 09:58:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-85359884-310280431-4005254754-1000UA.job
[2012.03.30 09:57:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.30 09:53:28 | 000,018,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 09:53:28 | 000,018,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 09:51:10 | 000,595,928 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.03.30 09:51:10 | 000,038,374 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.03.30 09:50:53 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.30 09:50:53 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.30 09:50:53 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.30 09:50:53 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.30 09:50:53 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.30 09:46:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.30 09:46:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.30 09:46:12 | 000,048,488 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.03.29 13:46:12 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.29 13:46:12 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.29 13:20:50 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.03.29 12:22:02 | 000,000,188 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2012.03.29 12:18:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Marcus\Desktop\dds.com
[2012.03.29 12:17:55 | 000,050,477 | ---- | M] () -- C:\Users\Marcus\Desktop\Defogger.exe
[2012.03.29 11:26:31 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.29 11:24:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2012.03.29 11:21:43 | 000,001,404 | ---- | M] () -- C:\Users\Marcus\Desktop\Install Windows.lnk
[2012.03.28 14:58:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-85359884-310280431-4005254754-1000Core.job
[2012.03.15 00:36:08 | 004,968,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.13 01:14:35 | 000,002,689 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2012.03.12 23:06:16 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2012.03.05 13:04:23 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Universal Anticheat 3.lnk
[2012.03.01 02:02:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.01 02:02:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.03.01 02:02:00 | 000,011,770 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.02.29 22:59:29 | 002,515,790 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
 
========== Files Created - No Company Name ==========
 
[2012.03.30 09:58:50 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.29 12:22:02 | 000,000,188 | ---- | C] () -- C:\Users\Marcus\defogger_reenable
[2012.03.29 12:21:47 | 000,050,477 | ---- | C] () -- C:\Users\Marcus\Desktop\Defogger.exe
[2012.03.29 11:26:31 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.29 11:21:43 | 000,001,404 | ---- | C] () -- C:\Users\Marcus\Desktop\Install Windows.lnk
[2012.03.13 16:06:37 | 000,048,488 | ---- | C] () -- C:\Windows\SysNative\oodbs.lor
[2012.03.13 01:14:35 | 000,002,689 | ---- | C] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2012.03.12 23:06:19 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.03.12 23:06:16 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2012.03.05 13:04:23 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Universal Anticheat 3.lnk
[2012.02.04 10:53:08 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.01.31 13:40:23 | 000,595,928 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.01.31 01:15:31 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.31 01:15:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.31 00:12:29 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012.01.31 00:12:04 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.01.31 00:12:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.01.31 00:12:04 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.01.30 23:52:52 | 000,038,219 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.01.30 23:52:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.30 23:52:13 | 000,024,998 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2012.03.05 15:37:08 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Canneverbe Limited
[2012.03.10 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite
[2012.02.13 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DVDVideoSoft
[2012.02.13 17:46:58 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.01 17:50:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Leadertech
[2012.01.31 00:28:07 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Origin
[2012.02.29 09:32:37 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\PlayClaw3
[2012.02.29 09:26:56 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Sytexis Software
[2012.02.06 00:22:44 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TeamViewer
[2012.02.03 22:29:18 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TS3Client
[2012.02.01 14:59:48 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TuneUp Software
[2012.03.26 12:46:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.07 19:47:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.02.01 11:10:38 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.30 23:50:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.30 23:53:10 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.31 12:04:10 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.03.13 21:11:18 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.30 09:58:38 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.30 09:58:37 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.29 11:26:31 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.30 23:50:32 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.30 23:59:02 | 000,000,000 | ---D | M] -- C:\RaidTool
[2012.01.30 23:50:32 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.30 10:02:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.31 00:52:16 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.14 09:12:52 | 000,000,000 | ---D | M] -- C:\Windows
[2012.02.18 15:18:58 | 000,000,000 | ---D | M] -- C:\WindowsESD
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.03.29 12:22:02 | 000,000,188 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2012.03.30 10:02:02 | 001,835,008 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT
[2012.03.30 10:02:02 | 000,262,144 | ---- | M] () -- C:\Users\Marcus\ntuser.dat.LOG1
[2012.01.30 23:50:35 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\ntuser.dat.LOG2
[2012.01.30 23:54:45 | 000,065,536 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.01.30 23:54:45 | 000,524,288 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.01.30 23:54:45 | 000,524,288 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.10.25 12:31:30 | 000,000,020 | -HS- | M] () -- C:\Users\Marcus\ntuser.ini
[2012.01.31 00:13:24 | 000,000,538 | ---- | M] () -- C:\Users\Marcus\Patcher.log
[2011.05.13 23:40:52 | 000,003,433 | ---- | M] () -- C:\Users\Marcus\unigine_20110513_2340.html
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >


markusg 30.03.2012 10:58

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

r|sen_82 30.03.2012 11:37

Hmm, how long does that take? Until it has created its log file?? I've now been waiting about 15 minutes since the restart, still the same message...:confused:

Okay, it did eventually move forward. That thing takes forever.. ^^ What exactly does the program do? "Fix" sounds like "repair", doesn't it? Here's the log

Code:

ComboFix 12-03-30.06 - Marcus 30.03.2012  12:12:32.1.8 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8169.5865 [GMT 2:00]
ausgeführt von:: c:\users\Marcus\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-28 bis 2012-03-30  ))))))))))))))))))))))))))))))
.
.
2012-03-30 10:25 . 2012-03-30 10:25        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-03-30 10:25 . 2012-03-30 10:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-30 08:01 . 2012-03-14 03:27        8669240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{38B6B800-3D21-4043-9D35-A8BA66B55B50}\mpengine.dll
2012-03-30 07:58 . 2012-03-30 07:58        --------        d-----w-        c:\program files\iPod
2012-03-30 07:58 . 2012-03-30 07:58        --------        d-----w-        c:\program files\iTunes
2012-03-30 07:58 . 2012-03-30 07:58        --------        d-----w-        c:\program files (x86)\iTunes
2012-03-29 09:26 . 2012-03-29 09:26        --------        d-----w-        c:\users\Marcus\AppData\Roaming\Malwarebytes
2012-03-29 09:26 . 2012-03-29 09:26        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-29 09:26 . 2012-03-29 09:26        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 09:26 . 2011-12-10 13:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-14 22:27 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 22:27 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 22:27 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 22:24 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 22:24 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-14 22:24 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 07:15 . 2012-02-17 06:38        1112064        ----a-w-        c:\windows\system32\rdpcorets.dll
2012-03-14 07:15 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 07:15 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-14 07:15 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:15 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-14 07:15 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 07:15 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:15 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:38 . 2012-03-13 17:38        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-03-13 17:38 . 2012-03-13 17:38        --------        d-----w-        c:\program files (x86)\Java
2012-03-12 23:16 . 2012-03-12 23:16        --------        d-----w-        c:\windows\system32\oodag
2012-03-12 23:14 . 2012-03-12 23:14        --------        d-----w-        c:\users\Marcus\AppData\Local\O&O
2012-03-12 21:06 . 2012-03-30 10:26        --------        d-----w-        c:\users\Marcus\AppData\Local\ESL Wire Game Client
2012-03-12 21:06 . 2012-01-24 12:50        168864        ----a-w-        c:\program files\Common Files\WireHelpSvc.exe
2012-03-12 21:06 . 2012-01-24 12:50        147472        ----a-w-        c:\windows\system32\drivers\ESLWireACD.sys
2012-03-12 21:06 . 2012-03-12 21:06        --------        d-----w-        c:\program files\EslWire
2012-03-12 21:06 . 2012-03-12 21:06        --------        d-----w-        c:\programdata\ESL Wire
2012-03-12 21:06 . 2012-01-24 12:50        25528        ----a-w-        c:\windows\system32\drivers\ESLvnic.sys
2012-03-06 16:42 . 2012-03-06 16:42        --------        d-----w-        c:\programdata\LightScribe
2012-03-06 16:42 . 2012-03-06 16:42        --------        d-----w-        c:\users\Marcus\AppData\Roaming\Nero
2012-03-06 15:44 . 2012-03-06 15:46        --------        d-----w-        c:\program files (x86)\Common Files\Nero
2012-03-06 15:44 . 2012-03-06 15:50        --------        d-----w-        c:\programdata\Nero
2012-03-05 15:44 . 2012-03-05 15:44        --------        d-----w-        c:\users\Marcus\AppData\Local\CrashRpt
2012-03-05 13:37 . 2012-03-05 13:37        --------        d-----w-        c:\users\Marcus\AppData\Roaming\Canneverbe Limited
2012-03-05 13:37 . 2012-03-05 13:37        --------        d-----w-        c:\programdata\Canneverbe Limited
2012-03-05 11:04 . 2012-03-05 11:04        --------        d-----w-        c:\program files (x86)\DExUS
2012-02-29 13:57 . 2012-02-29 19:50        --------        d-----w-        c:\users\Marcus\AppData\Local\ESN Sonar
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 10:00 . 2012-01-31 12:30        282864        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-03-30 10:00 . 2012-01-30 23:15        282864        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-03-30 09:52 . 2012-01-30 23:15        282864        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-03-24 20:06 . 2012-01-30 22:01        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-13 17:38 . 2012-01-31 08:45        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-03-01 00:02 . 2012-02-21 14:10        962368        ----a-w-        c:\windows\system32\nvumdshimx.dll
2012-03-01 00:02 . 2012-01-30 22:50        9717568        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2012-01-30 22:50        1737536        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2012-01-30 22:50        1466176        ----a-w-        c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2011-05-21 05:01        2660160        ----a-w-        c:\windows\system32\nvapi64.dll
2012-02-29 21:00 . 2012-01-30 21:58        3089728        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2012-01-30 21:58        6074176        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2012-01-30 21:58        889664        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2012-01-30 21:58        63296        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2012-01-30 21:58        2561856        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-02-29 20:59 . 2012-01-30 21:58        118080        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2012-02-21 14:11        2515790        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-02-23 08:18 . 2012-01-30 22:10        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-15 10:01 . 2012-02-15 10:01        52736        ----a-w-        c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 10:01 . 2012-02-15 10:01        4547944        ----a-w-        c:\windows\system32\usbaaplrc.dll
2012-02-15 07:16 . 2012-01-30 23:15        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-02-04 08:53 . 2012-02-04 08:53        2434856        ----a-w-        c:\windows\SysWow64\pbsvc_bc2.exe
2012-02-03 19:23 . 2012-02-03 19:23        106648        ----a-w-        c:\windows\system32\drivers\GRD.sys
2012-02-01 15:50 . 2012-02-01 15:50        53248        ----a-r-        c:\users\Marcus\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-02-01 15:50 . 2012-02-01 15:50        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2012-02-01 09:06 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-02-01 09:06 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-01-31 09:51 . 2012-01-31 09:27        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-30 23:26 . 2012-01-30 23:26        564792        ----a-w-        c:\windows\system32\drivers\sptd.sys
2012-01-30 23:00 . 2012-01-30 22:38        53112        ----a-w-        c:\windows\system32\drivers\HookCentre.sys
2012-01-30 22:59 . 2012-01-30 22:38        65912        ----a-w-        c:\windows\system32\drivers\gdwfpcd64.sys
2012-01-30 22:59 . 2012-01-30 22:38        50552        ----a-w-        c:\windows\system32\drivers\GDBehave.sys
2012-01-30 22:59 . 2012-01-30 22:38        111992        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys
2012-01-30 22:38 . 2012-01-30 22:38        59256        ----a-w-        c:\windows\system32\drivers\PktIcpt.sys
2012-01-30 22:38 . 2012-01-30 22:38        31608        ----a-w-        c:\windows\system32\drivers\GdNetMon64.sys
2012-01-30 22:22 . 2012-01-30 22:22        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-01-30 22:22 . 2012-01-30 22:22        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-01-30 22:22 . 2012-01-30 22:22        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-01-30 22:22 . 2012-01-30 22:22        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-01-30 22:22 . 2012-01-30 22:22        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-30 22:22 . 2012-01-30 22:22        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-01-30 22:22 . 2012-01-30 22:22        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-30 22:22 . 2012-01-30 22:22        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-01-30 22:22 . 2012-01-30 22:22        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-01-30 22:22 . 2012-01-30 22:22        603648        ----a-w-        c:\windows\system32\vbscript.dll
2012-01-30 22:22 . 2012-01-30 22:22        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-01-30 22:22 . 2012-01-30 22:22        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-01-30 22:22 . 2012-01-30 22:22        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-01-30 22:22 . 2012-01-30 22:22        448512        ----a-w-        c:\windows\system32\html.iec
2012-01-30 22:22 . 2012-01-30 22:22        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-01-30 22:22 . 2012-01-30 22:22        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-01-30 22:22 . 2012-01-30 22:22        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-01-30 22:22 . 2012-01-30 22:22        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-01-30 22:22 . 2012-01-30 22:22        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-01-30 22:22 . 2012-01-30 22:22        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-01-30 22:22 . 2012-01-30 22:22        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-01-30 22:22 . 2012-01-30 22:22        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-01-30 22:22 . 2012-01-30 22:22        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-01-30 22:22 . 2012-01-30 22:22        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-01-30 22:22 . 2012-01-30 22:22        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-01-30 22:22 . 2012-01-30 22:22        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-01-30 22:22 . 2012-01-30 22:22        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-01-30 22:22 . 2012-01-30 22:22        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-01-30 22:22 . 2012-01-30 22:22        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-01-30 22:22 . 2012-01-30 22:22        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-01-30 22:22 . 2012-01-30 22:22        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-01-30 22:22 . 2012-01-30 22:22        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-01-30 22:22 . 2012-01-30 22:22        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-01-30 22:22 . 2012-01-30 22:22        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-01-04 10:44 . 2012-02-15 05:26        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 05:26        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2012-01-03 13:10 . 2012-01-03 13:10        53656        ----a-w-        c:\windows\system32\AdobePDF.dll
2012-01-03 13:10 . 2012-01-03 13:10        24984        ----a-w-        c:\windows\system32\AdobePDFUI.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2012-02-14 4009472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-08-17 1011208]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-10-28 1617416]
"Acrobat Assistant 8.0"="f:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"NBAgent"="f:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="f:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-08 136176]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-08 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys [x]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys [x]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [x]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-10-28 1506824]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2011-08-17 464392]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2011-10-28 2191808]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 GatewayAgentService;O&O Gateway Agent Service;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [2011-03-11 316744]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 OO DiskImage;OO DiskImage;f:\program files\OO Software\DiskImage\oodiag.exe [2011-10-24 4726608]
S2 OODefragAgent;O&O Defrag;f:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-13 2028864]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2012-01-24 168864]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2011-08-10 1556816]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 457536]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-07-07 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 11:29        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-08 13:47]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-08 13:47]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85359884-310280431-4005254754-1000Core.job
- c:\users\Marcus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 22:42]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85359884-310280431-4005254754-1000UA.job
- c:\users\Marcus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 22:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2011-10-24 02:16        130384        ----a-w-        f:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"OODITRAY.EXE"="f:\program files\OO Software\DiskImage\OODITRAY.EXE" [2011-10-24 3089232]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
"OODefragTray"="f:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-30  12:48:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-30 10:48
.
Vor Suchlauf: 10 Verzeichnis(se), 76.132.536.320 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 75.667.320.832 Bytes frei
.
- - End Of File - - BCD4089F7DA5FB08CD1FE9414323DF18


r|sen_82 01.04.2012 11:25

Hello?? Has this one been forgotten?? :)

markusg 02.04.2012 09:37

Open Malwarebytes, go to the log files, and post all reports.

r|sen_82 02.04.2012 11:50

Ahhh, so something is coming after all.. :)

You mean the scan reports?

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcus :: GODLIKE [Administrator]

Schutz: Aktiviert

29.03.2012 12:54:50
mbam-log-2012-03-29 (12-54-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402188
Laufzeit: 20 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


markusg 02.04.2012 17:00

Is that the only one?

r|sen_82 02.04.2012 17:46

I can also offer this:

Code:

2012/03/29 11:27:09 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/03/29 11:27:10 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/03/29 11:27:13 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/03/29 11:27:14 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/03/29 12:14:53 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/03/29 12:14:54 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/03/29 12:14:57 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/03/29 12:14:58 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/03/29 12:25:18 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/03/29 12:25:19 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/03/29 12:25:22 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/03/29 12:25:23 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully

Code:

2012/03/30 09:48:26 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/03/30 09:48:27 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/03/30 09:48:30 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/03/30 09:48:31 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/03/30 09:54:37 +0200        GODLIKE        Marcus        MESSAGE        Stopping IP protection
2012/03/30 09:55:06 +0200        GODLIKE        Marcus        MESSAGE        IP Protection stopped
2012/03/30 09:57:35 +0200        GODLIKE        Marcus        MESSAGE        Executing scheduled update:  Daily
2012/03/30 09:57:43 +0200        GODLIKE        Marcus        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.03.29.03 to version v2012.03.30.02
2012/03/30 09:57:43 +0200        GODLIKE        Marcus        MESSAGE        Starting database refresh
2012/03/30 09:57:44 +0200        GODLIKE        Marcus        MESSAGE        Database refreshed successfully
2012/03/30 11:28:24 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/03/30 11:28:25 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/03/30 11:28:28 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/03/30 11:28:29 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/03/30 11:28:44 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 49309, Process: pandoraservice.exe)
2012/03/30 11:32:52 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 49525, Process: pandoraservice.exe)
2012/03/30 11:33:56 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 49534, Process: pandoraservice.exe)
2012/03/30 11:36:04 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 49572, Process: pandoraservice.exe)
2012/03/30 11:39:08 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 49691, Process: pandoraservice.exe)
2012/03/30 11:39:40 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 49692, Process: pandoraservice.exe)
2012/03/30 11:39:40 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 49693, Process: pandoraservice.exe)
2012/03/30 11:40:12 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 49895, Process: pandoraservice.exe)
2012/03/30 11:41:16 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 50216, Process: pandoraservice.exe)
2012/03/30 11:42:20 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 50610, Process: pandoraservice.exe)
2012/03/30 11:44:28 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 50641, Process: pandoraservice.exe)
2012/03/30 11:48:36 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 50701, Process: pandoraservice.exe)
2012/03/30 11:50:45 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 50826, Process: pandoraservice.exe)
2012/03/30 11:52:53 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 50981, Process: pandoraservice.exe)
2012/03/30 11:53:57 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 50989, Process: pandoraservice.exe)
2012/03/30 11:55:01 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 50995, Process: pandoraservice.exe)
2012/03/30 11:56:05 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 51006, Process: pandoraservice.exe)
2012/03/30 11:57:09 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 51011, Process: pandoraservice.exe)
2012/03/30 11:58:13 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 51021, Process: pandoraservice.exe)
2012/03/30 11:59:17 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 51047, Process: pandoraservice.exe)
2012/03/30 12:00:05 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 51112, Process: pandoraservice.exe)
2012/03/30 12:00:05 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 51113, Process: pandoraservice.exe)
2012/03/30 12:00:21 +0200        GODLIKE        Marcus        IP-BLOCK        111.111.111.111 (Type: outgoing, Port: 51118, Process: pandoraservice.exe)
2012/03/30 12:10:04 +0200        GODLIKE        Marcus        MESSAGE        Stopping IP protection
2012/03/30 12:10:34 +0200        GODLIKE        Marcus        MESSAGE        IP Protection stopped
2012/03/30 12:52:41 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/03/30 12:52:42 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/03/30 12:52:45 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/03/30 12:52:45 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/03/30 18:11:01 +0200        GODLIKE        (null)        MESSAGE        Executing scheduled update:  Daily
2012/03/30 18:11:04 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/03/30 18:11:05 +0200        GODLIKE        Marcus        ERROR        Scheduled update failed:  I/O error failed with error code 0
2012/03/30 18:11:06 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/03/30 18:11:09 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/03/30 18:11:09 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/03/30 18:24:34 +0200        GODLIKE        Marcus        MESSAGE        Starting database refresh
2012/03/30 18:24:34 +0200        GODLIKE        Marcus        MESSAGE        Stopping IP protection
2012/03/30 18:25:13 +0200        GODLIKE        Marcus        MESSAGE        IP Protection stopped
2012/03/30 18:25:15 +0200        GODLIKE        Marcus        MESSAGE        Database refreshed successfully
2012/03/30 18:25:15 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/03/30 18:25:15 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully

Code:

2012/03/31 08:37:53 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/03/31 08:37:54 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/03/31 08:37:57 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/03/31 08:37:58 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/03/31 09:18:22 +0200        GODLIKE        Marcus        IP-BLOCK        109.163.226.203 (Type: outgoing, Port: 50379, Process: chrome.exe)
2012/03/31 09:18:22 +0200        GODLIKE        Marcus        IP-BLOCK        109.163.226.203 (Type: outgoing, Port: 50380, Process: chrome.exe)
2012/03/31 09:18:38 +0200        GODLIKE        Marcus        IP-BLOCK        109.163.226.203 (Type: outgoing, Port: 50382, Process: chrome.exe)
2012/03/31 09:18:38 +0200        GODLIKE        Marcus        IP-BLOCK        109.163.226.203 (Type: outgoing, Port: 50383, Process: chrome.exe)
2012/03/31 13:30:30 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/03/31 13:30:31 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/03/31 13:30:34 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/03/31 13:30:35 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/03/31 22:06:11 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/03/31 22:06:12 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/03/31 22:06:13 +0200        GODLIKE        Marcus        MESSAGE        Executing scheduled update:  Daily
2012/03/31 22:06:15 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/03/31 22:06:16 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/03/31 22:06:22 +0200        GODLIKE        Marcus        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.03.30.06 to version v2012.03.31.11
2012/03/31 22:06:22 +0200        GODLIKE        Marcus        MESSAGE        Starting database refresh
2012/03/31 22:06:22 +0200        GODLIKE        Marcus        MESSAGE        Stopping IP protection
2012/03/31 22:06:53 +0200        GODLIKE        Marcus        MESSAGE        IP Protection stopped
2012/03/31 22:06:55 +0200        GODLIKE        Marcus        MESSAGE        Database refreshed successfully
2012/03/31 22:06:55 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/03/31 22:06:55 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully

Code:

2012/04/01 12:23:45 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/04/01 12:23:46 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/04/01 12:23:49 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/04/01 12:23:49 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/04/01 15:24:36 +0200        GODLIKE        Marcus        MESSAGE        Executing scheduled update:  Daily
2012/04/01 15:24:43 +0200        GODLIKE        Marcus        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.03.31.11 to version v2012.04.01.01
2012/04/01 15:24:43 +0200        GODLIKE        Marcus        MESSAGE        Starting database refresh
2012/04/01 15:24:43 +0200        GODLIKE        Marcus        MESSAGE        Stopping IP protection
2012/04/01 15:25:27 +0200        GODLIKE        Marcus        MESSAGE        IP Protection stopped
2012/04/01 15:25:29 +0200        GODLIKE        Marcus        MESSAGE        Database refreshed successfully
2012/04/01 15:25:29 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/04/01 15:25:29 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/04/01 18:39:01 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/04/01 18:39:03 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/04/01 18:39:06 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/04/01 18:39:06 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully


Code:

2012/04/02 07:38:00 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/04/02 07:38:01 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/04/02 07:38:04 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/04/02 07:38:04 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/04/02 12:44:52 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/04/02 12:44:53 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/04/02 12:44:56 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/04/02 12:44:57 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/04/02 12:45:14 +0200        GODLIKE        Marcus        MESSAGE        Starting database refresh
2012/04/02 12:45:14 +0200        GODLIKE        Marcus        MESSAGE        Stopping IP protection
2012/04/02 12:45:44 +0200        GODLIKE        Marcus        MESSAGE        IP Protection stopped
2012/04/02 12:45:45 +0200        GODLIKE        Marcus        MESSAGE        Database refreshed successfully
2012/04/02 12:45:45 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/04/02 12:45:45 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
2012/04/02 15:10:24 +0200        GODLIKE        Marcus        MESSAGE        Executing scheduled update:  Daily
2012/04/02 15:10:25 +0200        GODLIKE        Marcus        MESSAGE        Database already up-to-date
2012/04/02 18:40:47 +0200        GODLIKE        Marcus        MESSAGE        Starting protection
2012/04/02 18:40:48 +0200        GODLIKE        Marcus        MESSAGE        Protection started successfully
2012/04/02 18:40:51 +0200        GODLIKE        Marcus        MESSAGE        Starting IP protection
2012/04/02 18:40:52 +0200        GODLIKE        Marcus        MESSAGE        IP Protection started successfully
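
The protection logs above repeat one pattern: each database refresh stops IP protection and starts it again some seconds later. As an added example that is not part of the thread, this Python script measures those windows, flags a stop that is never followed by a start, and checks that each update begins at the version the previous one ended on; the first six sample lines are copied from the logs above, the last two are constructed.

```python
import re
from datetime import datetime

# Sample input. The first six lines are copied from the logs above;
# the two lines dated 2012/04/02 09:00:00 are constructed for the demo.
SAMPLE = """\
2012/03/31 22:06:22 +0200  GODLIKE  Marcus  MESSAGE  Scheduled update executed successfully:  database updated from version v2012.03.30.06 to version v2012.03.31.11
2012/03/31 22:06:22 +0200  GODLIKE  Marcus  MESSAGE  Stopping IP protection
2012/03/31 22:06:55 +0200  GODLIKE  Marcus  MESSAGE  IP Protection started successfully
2012/04/01 15:24:43 +0200  GODLIKE  Marcus  MESSAGE  Scheduled update executed successfully:  database updated from version v2012.03.31.11 to version v2012.04.01.01
2012/04/01 15:24:43 +0200  GODLIKE  Marcus  MESSAGE  Stopping IP protection
2012/04/01 15:25:29 +0200  GODLIKE  Marcus  MESSAGE  IP Protection started successfully
2012/04/02 09:00:00 +0200  GODLIKE  Marcus  MESSAGE  Scheduled update executed successfully:  database updated from version v2012.04.01.05 to version v2012.04.02.02
2012/04/02 09:00:00 +0200  GODLIKE  Marcus  MESSAGE  Stopping IP protection
"""

# timestamp, host, user, record type, message (fields separated by whitespace)
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4})\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")
UPDATE = re.compile(r"from version (\S+) to version (\S+)")

def parse(text):
    """Return [(datetime, message)] for every well-formed log line."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z")
            events.append((when, m.group(5).strip()))
    return events

def protection_gaps(events):
    """Pair each stop with the next start. Returns (closed, unpaired)."""
    closed, unpaired, pending = [], [], None
    for when, msg in events:
        if msg == "Stopping IP protection":
            if pending is not None:
                unpaired.append(pending)
            pending = when
        elif msg == "IP Protection started successfully" and pending is not None:
            closed.append((pending, (when - pending).total_seconds()))
            pending = None
    if pending is not None:
        unpaired.append(pending)
    return closed, unpaired

def version_chain_breaks(events):
    """Return (time, expected, found) where an update skips the chain."""
    breaks, last = [], None
    for when, msg in events:
        m = UPDATE.search(msg)
        if m:
            if last is not None and m.group(1) != last:
                breaks.append((when, last, m.group(1)))
            last = m.group(2)
    return breaks

if __name__ == "__main__":
    events = parse(SAMPLE)
    closed, unpaired = protection_gaps(events)
    for start, secs in closed:
        print(f"{start}  IP protection off for {secs:.0f} s")
    for start in unpaired:
        print(f"{start}  IP protection stopped, no restart logged")
    for when, want, got in version_chain_breaks(events):
        print(f"{when}  update started from {got}, expected {want}")
```

On the lines taken from the thread it reports windows of 33 s and 46 s and an unbroken version chain; only the constructed lines are flagged.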


markusg 02.04.2012 20:07

OK, that all looks good.
Has the problem occurred again?

r|sen_82 03.04.2012 07:05

Strangely, not so far... No idea what was going on there, or why it happened at all.

In any case, thank you very much for your help! :dankeschoen::dankeschoen:

markusg 03.04.2012 11:17

I want to check one more thing:

Download CCleaner Standard:
CCleaner Download - CCleaner 3.17.1689
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save as a txt file. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each one you do not recognize, write "unknown".
Post the list.

r|sen_82 04.04.2012 05:56

Sure thing, here is the list as requested:

Code:

Acrobat X Suite        Adobe Systems Incorporated        30.01.2012        3.537MB        1.0
Adobe Acrobat X Pro - English, Français, Deutsch        Adobe Systems        12.02.2012        2.758MB        10.1.2
Adobe AIR        Adobe Systems Inc.        30.01.2012                1.5.3.9130
Adobe Captivate Quiz Results Analyzer        Adobe Systems Incorporated        30.01.2012                1.0
Adobe Captivate Reviewer        Adobe Systems Incorporated        30.01.2012                2.0
Adobe Community Help        Adobe Systems Incorporated        30.01.2012                3.0.0.400
Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        23.03.2012        6,00MB        11.1.102.63
Adobe Media Player        Adobe Systems Incorporated        30.01.2012                1.8

ADOBE is needed, I think....


AI Suite II        ASUSTeK        30.01.2012                1.01.13                                                        necessary

Apple Application Support        Apple Inc.        08.03.2012        61,0MB        2.1.7
Apple Mobile Device Support        Apple Inc.        08.03.2012        24,9MB        5.1.1.4
Apple Software Update        Apple Inc.        31.01.2012        2,38MB        2.1.3.127

                                                                                                        belongs to the iPhone or iTunes


Battlefield 3™        Electronic Arts        30.01.2012                1.0.0.0                                                very necessary ;)

Battlefield: Bad Company™ 2        Electronic Arts        03.02.2012        8.540MB        1.0.0.0                                necessary


Battlelog Web Plugins        EA Digital Illusions CE AB        26.03.2012                1.118.0                        necessary

Bonjour        Apple Inc.        31.01.2012        2,00MB        3.0.0.10                                                also Apple, also necessary, right?

Browser Configuration Utility        DeviceVM Inc.        29.01.2012        3,14MB        1.0.10.0                        no idea, I don't know it. maybe unnecessary?
Call of Duty: Modern Warfare 2        Infinity Ward        02.02.2012                                                known & necessary
Call of Duty: Modern Warfare 2 - Multiplayer        Infinity Ward        02.02.2012                                necessary
Call of Duty: Modern Warfare 3        Infinity Ward - Sledgehammer Games        01.02.2012                        necessary
Call of Duty: Modern Warfare 3 - Multiplayer        Infinity Ward - Sledgehammer Games        01.02.2012        necessary
CCleaner        Piriform        03.04.2012                3.17                                                necessary
DAEMON Tools Lite        DT Soft Ltd        30.01.2012                4.45.2.0287                                needed occasionally
Driver Genius Professional Edition        Driver-Soft Inc.        31.01.2012        16,1MB        11.0                unnecessary
ESL Wire 1.11.1        Turtle Entertainment GmbH        11.03.2012        60,8MB                                        necessary
ESN Sonar        ESN Social Software AB        12.03.2012                0.70.4                                        necessary
Free YouTube to MP3 Converter version 3.10.15.1228        DVDVideoSoft Ltd.        12.02.2012        85,6MB        necessary
FxVisor        Frameworkx        30.01.2012        0,40MB        1.3.0                                                        necessary
G Data InternetSecurity 2012        G Data Software AG        29.01.2012        85,5MB        22.0.0.0                necessary
Google Chrome        Google Inc.        29.01.2012                18.0.1025.142                                        necessary
Google Earth Plug-in        Google        07.02.2012        48,7MB        6.2.1.6014                                        unnecessary
Homefront        THQ        02.02.2012                                                                        unnecessary
iCloud        Apple Inc.        08.03.2012        33,2MB        1.1.0.40                                                necessary
Intel(R) Management Engine Components        Intel Corporation        30.01.2012                8.0.0.1351        necessary
Intel(R) Network Connections 16.5.2.0        Intel        29.01.2012        15,1MB        16.5.2.0                        necessary
Intel(R) Rapid Storage Technology        Intel Corporation        30.01.2012                10.5.0.1026        necessary
iTunes        Apple Inc.        29.03.2012        156,9MB        10.6.1.7                                                necessary
Java(TM) 6 Update 31        Oracle        12.03.2012        95,1MB        6.0.310                                                necessary
JDownloader 0.9        AppWork GmbH        30.01.2012                0.9                                                necessary
JMicron JMB36X Driver        JMicron Technology Corp.        31.01.2012                1.17.63.1                necessary
Kalender-Excel-8.8        MSDatec        31.01.2012        2,52MB        8.8                                                unnecessary
LightScribe System Software        LightScribe        30.01.2012        25,2MB        1.18.22.2                        unnecessary
Logitech SetPoint 6.32        Logitech        31.01.2012        39,1MB        6.32.20                                        necessary
Malwarebytes Anti-Malware Version 1.60.1.1000        Malwarebytes Corporation        28.03.2012        17,4MB        1.60.1.1000        necessary, right?
marvell 91xx driver        Marvell        31.01.2012                1.2.0.1016                                        necessary
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        30.01.2012        38,8MB        4.0.30319        necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        30.01.2012        2,94MB        4.0.30319        necessary
Microsoft Office Professional Plus 2010        Microsoft Corporation        30.01.2012                14.0.6029.1000        necessary
Microsoft Silverlight        Microsoft Corporation        15.02.2012        40,5MB        4.1.10111.0                        necessary
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        31.01.2012        0,29MB        8.0.59193        necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        31.01.2012        0,76MB        9.0.30729        necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        11.03.2012        0,23MB        9.0.30729.4148        necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        01.02.2012        0,77MB        9.0.30729.6161        necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        09.03.2012        0,22MB        9.0.30729        necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        30.01.2012        0,58MB        9.0.30729        necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        30.01.2012        0,57MB        9.0.30729.4148        necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        31.01.2012        0,59MB        9.0.30729.6161        necessary
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        31.01.2012        13,8MB        10.0.40219        necessary
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        31.01.2012        12,3MB        10.0.40219        necessary
Nero 11        Nero AG        05.03.2012        2.550MB        11.0.15800                                                        necessary
Nero Backup Drivers        Nero AG        30.01.2012        94,00KB        1.0.10000.1.0                                        necessary
NVIDIA Grafiktreiber 296.10        NVIDIA Corporation        12.03.2012                296.10                        necessary
NVIDIA PhysX        NVIDIA Corporation        09.03.2012        90,5MB        9.12.0213                                necessary
NVIDIA Update 1.7.11        NVIDIA Corporation        12.03.2012                1.7.11                                necessary
O&O Defrag Server        O&O Software GmbH        12.03.2012        52,5MB        15.0.107                        necessary, right?
O&O DiskImage Server        O&O Software GmbH        30.01.2012        53,4MB        6.0.422                                necessary
Origin        Electronic Arts, Inc.        29.02.2012                8.5.0.4550                                        necessary
PunkBuster Services        Even Balance, Inc.        13.02.2012                0.991                                necessary
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        31.01.2012                6.0.1.6526        necessary
Renesas Electronics USB 3.0 Host Controller Driver        Renesas Electronics Corporation        31.01.2012        1,13MB        2.1.28.1        necessary
SHIFT 2 UNLEASHED™        Electronic Arts        03.02.2012        29,5MB        1.0.0.0                                        unnecessary
Steam        Valve Corporation        01.02.2012        35,5MB        1.0.0.0                                                necessary
System Requirements Lab CYRI        Husdawg, LLC        31.01.2012        0,45MB        4.5.1.0                                unknown
TeamSpeak 3 Client        TeamSpeak Systems GmbH        30.01.2012                                                necessary
TeamViewer 7        TeamViewer        23.02.2012                7.0.12799                                        necessary
The KMPlayer (remove only)                01.02.2012                                                        necessary
Total War: SHOGUN 2        The Creative Assembly        02.02.2012                                                unnecessary
TuneUp Utilities 2011        TuneUp Software        30.01.2012                10.0.4600.4                                necessary
Universal AntiCheat 3 v1.063        DExUS        04.03.2012        8,50MB                                                necessary
Warhammer® 40,000®: Dawn of War® II – Retribution™        Relic        02.02.2012                                unnecessary
WinRAR 4.10 (64-Bit)        win.rar GmbH        30.01.2012                4.10.0                                        necessary


Regards

markusg 04.04.2012 12:25

Uninstall:
Driver Genius

G Data: the current version is 2013.
Go to the homepage and get the upgrade; it should be free.

Uninstall:
Google Earth
Homefront
Kalender
LightScribe
SHIFT
OO Defrag: not needed, Windows can do that itself
Total War:
TuneUp: do without such nonsense; it achieves little and can harm the system.
Warhammer®

Open OTL, clean up, restart.
Open CCleaner, analyze, clean, restart.
Test how the system runs.

r|sen_82 05.04.2012 11:36

I did that, and so far everything is running fine. I don't want to part with TuneUp, though; I find the program useful, but I don't use those cleanup functions etc... ;)


Thanks again for your commitment & the help!

markusg 05.04.2012 11:39

OK, now let's secure the PC:
http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista und Windows 7" (Windows Vista and Windows 7).
Please begin by installing Windows updates.
The easiest way is to go to Start, Search, and type Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you must open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Chrome configuration, work through all 3 links:

AdBlock for Chrome:
http://filepony.de/download-adblock_chrome/
That should make life more ad-free.
Ghostery to prevent tracking:
http://filepony.de/download-ghostery_chrome/
Safe browsing with Chrome:
Sicher surfen mit Google Chrome | Verbraucher sicher online

Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
Sandboxie Download - Sandboxie 3.66

Instructions:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed instructions as a PDF, work through these as well:
Sandbox Einstellungen |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, select DefaultBox.
There, click Sandbox Settings.
Under Restrictions, for Start/Run Access and Internet Access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except allowing access to the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed webbrowser", or right-click and choose to run in Sandboxie.
A lifetime license costs 30 € and can be used on all your PCs.

Continue with:
"Maßnahmen für ALLE Windows-Versionen" (measures for ALL Windows versions)
Work through everything completely.
Note on FileHippo:
In the settings, additionally select:
Run updateChecker
when Windows starts

Backup program:
My guide already links a backup program; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important under some circumstances, for example if the hard disk fails.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible to everyone:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
So from now on, browse only in the standard user account, and there in the sandbox.
If you use the free version, do so by clicking Sandboxed Web Browser; if you have the paid version, you can set forced programs, and then Sandboxie is always started when you open a browser.
When you move the mouse over the browser, it should have a frame around it; then you are in the sandboxed web browser.


All times are GMT +1. The time now is 20:20.

Copyright ©2000-2025, Trojaner-Board

