Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Vermährte Prozesse

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.05.2013, 16:32   #1
Jumper741
 
Vermährte Prozesse - Standard

Vermährte Prozesse



Hallo, ich habe ein Problem wennzwar mein Prozesse Vermehren sich pro sec um 5.prozesse
All standart Prozesse sind da, und 1000 gleiche von 2.arte 1. cmd.exe und 2.. Conhost.exe (consolen-host)

und durch die vielen Prozesse spinnt mein pc langsam

Bitte um hilfe!!

Hallo, ich habe ein Problem wennzwar mein Prozesse Vermehren sich pro sec um 5.prozesse
All standart Prozesse sind da, und 1000 gleiche von 2.arte 1. cmd.exe und 2.. Conhost.exe (consolen-host)

und durch die vielen Prozesse spinnt mein pc langsam

Bitte um hilfe!

imageshack.us/photo/my-images/534/unbenanntubu.png

My Hijackthis:
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:00:41, on 08.05.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Users\Win7\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Win7\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Win7\AppData\Roaming\57084sandy-patcher.exe
C:\Users\Win7\AppData\Roaming\13674sandy-patcher.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Win7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\notepad.exe
C:\Users\Win7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Win7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Win7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Win7\Downloads\HiJackThis204.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yhs.delta-search.com/?affID=119370&tt=030213_yh&babsrc=HP_ss&mntrId=02f4a61f000000000000001fcf52c99f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Win7\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Win7\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [57084sandy-patcher.exe] C:\Users\Win7\AppData\Roaming\57084sandy-patcher.exe
O4 - HKCU\..\Run: [13674sandy-patcher.exe] C:\Users\Win7\AppData\Roaming\13674sandy-patcher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: hxxp://*.aeriagames.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Realtek11nCU - Realtek - C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13116 bytes
         
--- --- ---

Geändert von Jumper741 (08.05.2013 um 16:50 Uhr)

Alt 08.05.2013, 22:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Vermährte Prozesse - Standard

Vermährte Prozesse



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.



Und bitte keine Hijackthis-Logs posten!
__________________

__________________

Alt 09.05.2013, 10:52   #3
Jumper741
 
Vermährte Prozesse - Standard

Vermährte Prozesse



Nun also ich habe mir gestern ein Programm namens Malwarebytes Anti-Malware Heruntergeladen und das mal im Abgesichertem Modus ausgeführt, die Prozesse haben sich nicht mehr vermehrt, doch es waren 2 Prozzese die hießen patscher und verschiedene zahlen aber die haben sich ständig erneuert so das ich sie nicht löschen konnte.
Dann habe ich mal eine Systemwiederherstellung durchgeführt die Viren haben mir kein ärger mehr gemacht doch sehr viele Daten und Programme wurde bei mir entfernt und gelöscht und z.b funktionirt meine Grafikkarte nicht mehr die wird irgendwie nicht mehr erkannt

Ich brauche dringend hilfe!!

edit:
hier sind die 2 Prozesse

Running processes:
C:\Users\Win7\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Win7\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Win7\AppData\Roaming\57084sandy-patcher.exe
C:\Users\Win7\AppData\Roaming\13674sandy-patcher.exe


Den neuen Log:

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 09.05.2013 12:52:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Win7\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,70% Memory free
7,96 Gb Paging File | 6,91 Gb Available in Paging File | 86,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,04 Gb Total Space | 54,88 Gb Free Space | 46,10% Space Free | Partition Type: NTFS
Drive D: | 253,47 Gb Total Space | 229,93 Gb Free Space | 90,71% Space Free | Partition Type: NTFS
 
Computer Name: WIN7-PC | User Name: Win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.09 12:48:35 | 000,050,477 | ---- | M] () -- C:\Users\Win7\Downloads\Defogger.exe
PRC - [2013.05.09 12:48:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Win7\Downloads\OTL.exe
PRC - [2013.02.22 21:07:18 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\Win7\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012.10.23 11:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.03.31 09:50:44 | 001,228,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009.07.30 18:10:04 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
PRC - [2009.07.27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.09 12:48:35 | 000,050,477 | ---- | M] () -- C:\Users\Win7\Downloads\Defogger.exe
MOD - [2009.04.29 20:46:20 | 001,077,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll
MOD - [2009.02.17 18:22:16 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.12.01 14:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.03.15 14:34:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.23 11:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nCU)
SRV - [2009.07.27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.08 22:03:50 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.08 07:31:18 | 000,926,824 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2011.03.30 08:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.24 04:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 04:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.22 02:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.02.22 15:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Disabled | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.17 18:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009.02.17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV - [2013.02.04 18:57:10 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\myfoi.sys -- (molgpzc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yhs.delta-search.com/?affID=119370&tt=030213_yh&babsrc=HP_ss&mntrId=02f4a61f000000000000001fcf52c99f
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC ED 90 AC 2B FB CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.yhs.delta-search.com/?q={searchTerms}&affID=119370&tt=030213_yh&babsrc=SP_ss&mntrId=02f4a61f000000000000001fcf52c99f
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={2AD6F6BD-A985-4F7A-8053-4444A7E87895}&mid=7814d836f9ac47d09929192946b30a92-59c5515544a218d0cec5a7bd7a2d646d25cb4027&lang=de&ds=AVG&pr=pr&d=2012-10-17 15:35:55&v=13.2.0.1&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Win7\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Win7\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Win7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.yhs.delta-search.com/?q={searchTerms}&affID=119370&tt=030213_yh&babsrc=SP_ss&mntrId=02f4a61f000000000000001fcf52c99f
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Win7\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Win7\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Win7\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min File not found
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Win7\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15462C2F-9D6E-4E55-8707-32E5B0D598F3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B761A9E-DDD9-459C-AE0A-BD2734123255}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F205AE3-A6D8-4C65-8223-6DFA10A10984}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00A030E-38B6-4C7D-A516-DF9577F9C95B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5a9c1da0-c857-11e1-abe0-c8600057e361}\Shell - "" = AutoRun
O33 - MountPoints2\{5a9c1da0-c857-11e1-abe0-c8600057e361}\Shell\AutoRun\command - "" = J:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.08 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013.05.08 22:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.05.08 22:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.05.08 22:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.05.08 22:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.05.08 22:10:00 | 000,023,680 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\IOMap64.sys
[2013.05.08 22:06:33 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\Apps
[2013.05.08 22:06:32 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\Deployment
[2013.05.08 22:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.05.08 22:05:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.05.08 22:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013.05.08 22:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.05.08 22:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.05.08 22:03:51 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
[2013.05.08 22:03:50 | 000,016,384 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\EIO64.sys
[2013.05.08 22:03:48 | 005,473,280 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKOSDX64.dll
[2013.05.08 22:03:48 | 002,212,864 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKDispCPL.dll
[2013.05.08 22:03:48 | 001,354,240 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atklumdispx.dll
[2013.05.08 22:03:48 | 000,151,040 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atkdx11dispx.dll
[2013.05.08 22:03:48 | 000,150,528 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atkdx10dispx.dll
[2013.05.08 22:03:48 | 000,102,400 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\NetVideo_SBS.ax
[2013.05.08 22:03:48 | 000,063,488 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKFUSService.exe
[2013.05.08 22:03:48 | 000,039,424 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys
[2013.05.08 22:03:48 | 000,039,424 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\ATKDispLowFilter.sys
[2013.05.08 22:03:48 | 000,017,792 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\asusgsb.sys
[2013.05.08 22:03:48 | 000,017,792 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\asusgsb.sys
[2013.05.08 22:03:48 | 000,016,896 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKOGL64.dll
[2013.05.08 22:03:46 | 005,463,552 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysWow64\ATKOSDX32.dll
[2013.05.08 22:03:46 | 001,336,320 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\ATKLUMDISP.dll
[2013.05.08 22:03:46 | 000,135,168 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\atkdx11disp.dll
[2013.05.08 22:03:46 | 000,135,168 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\atkdx10disp.dll
[2013.05.08 22:03:46 | 000,102,400 | ---- | C] (ASMedia Techonology) -- C:\Windows\ASMT_CE.dll
[2013.05.08 22:03:46 | 000,071,680 | ---- | C] (ASMedia Technology) -- C:\Windows\i2c.dll
[2013.05.08 22:03:46 | 000,069,632 | ---- | C] (ASMedia Technology) -- C:\Windows\i2c_i.dll
[2013.05.08 22:03:46 | 000,068,608 | ---- | C] (ASMedia Technology) -- C:\Windows\nVGA_i2c.dll
[2013.05.08 22:03:46 | 000,015,360 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysWow64\ATKOGL32.dll
[2013.05.08 22:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2013.05.08 22:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2013.05.08 22:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.05.08 21:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013.05.08 21:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility
[2013.05.08 21:55:11 | 000,380,928 | ---- | C] (Realtek) -- C:\Windows\RtlUI2.exe
[2013.05.08 21:02:47 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\dclogs
[2013.05.08 20:19:00 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\Malwarebytes
[2013.05.08 20:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.08 20:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.08 20:18:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.08 20:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.04 23:43:29 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\TeamViewer
[2013.04.23 14:14:15 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\TERA
[2013.04.22 09:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2013.04.22 09:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.04.22 09:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2013.04.21 17:57:47 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\NosMapsBot
[2013.04.21 17:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(DE)
[2013.04.21 14:38:20 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\Gameforge4d
[2013.04.21 14:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameforgeLive
[2013.04.21 14:38:04 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\Programs
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 12:48:43 | 000,000,000 | ---- | M] () -- C:\Users\Win7\defogger_reenable
[2013.05.09 12:45:20 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 12:45:20 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 12:43:26 | 001,619,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.09 12:43:26 | 000,699,642 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.09 12:43:26 | 000,654,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.09 12:43:26 | 000,148,438 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.09 12:43:26 | 000,121,226 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.09 12:38:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 12:38:00 | 3207,159,808 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.08 22:41:02 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.05.08 22:38:08 | 000,002,321 | ---- | M] () -- C:\Users\Win7\Desktop\Google Chrome.lnk
[2013.05.08 22:20:43 | 000,001,007 | ---- | M] () -- C:\Users\Win7\Desktop\SpeedFan.lnk
[2013.05.08 22:20:42 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.05.08 22:12:09 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024262500-686941826-1144732366-1000UA.job
[2013.05.08 22:03:50 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\EIO64.sys
[2013.05.08 21:55:43 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2013.05.08 21:06:49 | 000,000,900 | ---- | M] () -- C:\Users\Win7\Documents\cc_20130508_210645.reg
[2013.05.08 20:18:54 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.06 19:02:23 | 000,003,488 | ---- | M] () -- C:\bootsqm.dat
[2013.05.03 12:10:31 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.05.02 20:12:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024262500-686941826-1144732366-1000Core.job
[2013.05.02 17:07:18 | 005,778,957 | ---- | M] () -- C:\Users\Win7\Desktop\Ich_glaub_an_dich_-Azad_feat_Adel_Tawil_mit_lyrics....mp3
[2013.04.29 21:23:01 | 000,560,657 | ---- | M] () -- C:\Users\Win7\Desktop\Fizz_Splash.jpg
[2013.04.23 11:35:32 | 000,001,838 | ---- | M] () -- C:\Users\Win7\Desktop\TERA.lnk
[2013.04.21 17:45:45 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\NosTale.lnk
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.09 12:48:43 | 000,000,000 | ---- | C] () -- C:\Users\Win7\defogger_reenable
[2013.05.08 22:41:02 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.05.08 22:20:43 | 000,001,007 | ---- | C] () -- C:\Users\Win7\Desktop\SpeedFan.lnk
[2013.05.08 22:20:42 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.05.08 22:03:48 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2013.05.08 22:03:48 | 000,010,766 | ---- | C] () -- C:\Windows\SysNative\asusgsb.cat
[2013.05.08 22:03:48 | 000,010,733 | ---- | C] () -- C:\Windows\SysNative\ATKDispLowFilter.cat
[2013.05.08 22:03:48 | 000,002,109 | ---- | C] () -- C:\Windows\SysNative\asusgsb.inf
[2013.05.08 22:03:48 | 000,001,849 | ---- | C] () -- C:\Windows\SysNative\ATKDispLowFilter.inf
[2013.05.08 22:03:46 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.05.08 22:03:46 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.05.08 22:03:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2013.05.08 22:03:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2013.05.08 22:03:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2013.05.08 22:03:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2013.05.08 22:03:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2013.05.08 22:03:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2013.05.08 22:03:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2013.05.08 22:03:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2013.05.08 22:03:46 | 000,002,963 | ---- | C] () -- C:\Windows\SysWow64\xvid.inf
[2013.05.08 21:55:43 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2013.05.08 21:55:10 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013.05.08 21:06:47 | 000,000,900 | ---- | C] () -- C:\Users\Win7\Documents\cc_20130508_210645.reg
[2013.05.08 20:18:54 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.06 19:02:23 | 000,003,488 | ---- | C] () -- C:\bootsqm.dat
[2013.05.02 17:06:58 | 005,778,957 | ---- | C] () -- C:\Users\Win7\Desktop\Ich_glaub_an_dich_-Azad_feat_Adel_Tawil_mit_lyrics....mp3
[2013.04.29 21:23:01 | 000,560,657 | ---- | C] () -- C:\Users\Win7\Desktop\Fizz_Splash.jpg
[2013.04.23 11:35:32 | 000,001,838 | ---- | C] () -- C:\Users\Win7\Desktop\TERA.lnk
[2013.04.21 17:45:45 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\NosTale.lnk
[2013.02.04 18:57:10 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\myfoi.sys
[2012.07.20 20:49:18 | 001,638,714 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.20 16:57:21 | 000,027,520 | ---- | C] () -- C:\Users\Win7\AppData\Local\dt.dat
[2012.07.06 18:04:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.01 01:30:39 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\AVG
[2013.02.04 19:11:11 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Babylon
[2013.05.08 21:03:07 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\dclogs
[2012.07.12 15:29:24 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\DragonicaECB
[2012.08.13 22:42:39 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\DVDVideoSoft
[2012.08.10 21:25:41 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.07 22:50:32 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\LolClient
[2012.10.21 18:56:47 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\OpenOffice.org
[2012.11.18 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Screaming Bee
[2013.05.08 21:16:26 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\TeamViewer
[2013.04.23 14:14:15 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\TERA
[2013.02.24 19:05:56 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\TS3Client
[2012.10.17 15:36:16 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\TuneUp Software
[2012.09.04 20:38:09 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 09.05.2013 12:48:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Win7\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 71,84% Memory free
7,96 Gb Paging File | 6,72 Gb Available in Paging File | 84,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,04 Gb Total Space | 54,88 Gb Free Space | 46,10% Space Free | Partition Type: NTFS
Drive D: | 253,47 Gb Total Space | 229,93 Gb Free Space | 90,71% Space Free | Partition Type: NTFS
 
Computer Name: WIN7-PC | User Name: Win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023F84BD-6AC3-405C-8889-8F1FD7FAC981}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{037BD017-E719-4897-8293-F21EF0974F0E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0B14665D-7CB2-4566-9F09-ECBB445D43EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1B9C39B3-14CB-4458-9DD5-E4C397121E16}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1D468A05-71A5-453D-A376-FA5C0230A797}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3012CA2B-E64B-4EB9-88FC-D88970FDB533}" = lport=49200 | protocol=6 | dir=in | name=akamai netsession interface | 
"{335C019A-7FAC-42D5-ADFA-4167B982855F}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{3F25878D-8A38-4F1F-A10C-CC9048FE000E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3FBEC633-58BB-40A5-86D4-03691FE9C294}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{40679D88-CC10-4CA2-A5AC-0A8D675B7B7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4BF6ABE7-F24A-4DF1-BA82-A2A9458A967C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{580F3565-6FB6-426D-8B61-43A9BE95ED91}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6076F555-28D7-4A58-BE21-52753EC62386}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{67943929-0945-4B7D-BDCD-32228E78327C}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{93AE94E2-D8A9-4C42-9FE5-8DA7C4D408C6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9682B775-26C0-4996-A643-5A8576846711}" = rport=137 | protocol=17 | dir=out | app=system | 
"{99493425-3DCD-4318-BAF6-1708737671F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9AA6977F-71A5-44F8-BFE5-3FAF877B7C61}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{A7FF1D00-94EF-4B6C-B5A4-91411AEA6834}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{B9E55EA6-6C68-400C-8977-7031DC12F206}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BAB92416-81A0-4DAA-8166-3ACF793C729B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C2AC3DF5-3684-4F34-B713-E625FABC937F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C469DD1C-EE51-4D36-A8FB-3D01F87438CF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{EC3BC093-B64D-4E17-AA9A-B1D88992289F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F17F9715-3139-48D9-A951-640AD724A0E2}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{F5DA1C0E-3D28-4803-B599-21C96F5A125C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FE4CE489-0CFF-49B2-AE3B-4968180DF8CC}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F249ECA-D4EC-4014-9AC2-4E18683F464F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{112AE9C7-1ABC-463E-9E9D-C6875B5E30F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{1CFC2587-D8D3-49D5-BFED-C393A52925DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tr_playa12\counter-strike source\hl2.exe | 
"{2697FE23-99AE-4BC3-BBF6-E5434EA8B509}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{27FDCFBB-CEB4-461E-971E-1B3F3C728DED}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{363F3D58-F52C-495F-8932-B09E6A8A1F42}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{399AF835-692F-4712-91AD-9337DFBCD13F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{41B390B6-A545-4537-AE93-4C6912AAB848}" = protocol=6 | dir=in | app=c:\users\win7\appdata\local\akamai\netsession_win.exe | 
"{47303A6D-28C4-4808-B5E7-9527D59A24D1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4AAD8084-7BF5-4673-992E-E9DF1275F73D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{54A7BE01-8673-4D58-B6F4-D4DB985E08FF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{55B168DF-E590-42DB-ABCF-DD8B4FD8C022}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{59291E9D-EC8C-48A3-92CF-772C5BE0E218}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{60E81E4D-0528-47C4-8E10-1498D032B169}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{662FA92F-8C99-4AC3-8CDA-9F2C80CC0F93}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{6E865486-06EA-40D5-881E-D5070F6BA711}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7400F1D2-DFD3-4A42-87AA-44EBFAD47174}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{7B97833A-57B4-4330-B8B1-4CF75F04DF28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{86C1AA76-9601-40CE-ADA3-07BA55AD3C17}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{927AB1C9-D255-487E-9B11-1ABE24E73772}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{95DCFE31-6E7F-4E4F-9955-1C677A964D4B}" = protocol=17 | dir=in | app=c:\users\win7\appdata\local\akamai\netsession_win.exe | 
"{971E6734-9B0A-474D-BFCC-19A7D677B19F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9B97CD9A-932B-46BC-BCF0-CF362D1DB6E4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A1F939C6-A92F-4581-A4E5-E927636DCC4D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{A6E7449C-D9ED-47EC-9DEC-241D32DFC65B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A90A3A21-D2EB-4F11-8BB1-FEBA0B1A4FDF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A9949F48-3C39-4F4F-ACD0-88DE75581BC7}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B97B6F6A-7E1C-4740-A3CA-53DD993EC588}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{BECB7942-B2AE-448B-84B5-CBD9C13FE9A0}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{C1500A11-B8A5-46FD-904E-02D055C15811}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C43F88B5-8028-4B33-9C65-F406DA403068}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{CBFE3479-6BEF-4F24-BB54-18DEEBFECF23}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{D10A9C64-746A-41CB-8E64-A940E53203F0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{E332F9BE-4595-451F-AADD-F415B00A87E6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E3D6128E-DB28-4005-BF0E-63121BEAF89F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tr_playa12\counter-strike source\hl2.exe | 
"{EC2062CA-6CC3-469B-972E-86CF82907818}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{F677E5F7-5664-470D-A209-CBBFA62F8DB8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{FA3EA71F-5789-4C0E-97CF-4CC2F20181EB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{FC957A04-AAC5-4297-BEF6-C7518AE31949}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"TCP Query User{00E4C160-5FB3-4DD1-B1B5-C88720836182}C:\users\win7\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\win7\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{1D62ED6E-908B-451A-9E51-829768134034}C:\program files (x86)\steam\steamapps\tr_playa12\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tr_playa12\team fortress 2\hl2.exe | 
"TCP Query User{31F07C18-11BA-49BD-B399-69414C06851B}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{36107417-2F9D-43BD-9281-C8BF54BCBD14}C:\users\win7\desktop\triagonmt2\.triagonmt2.exe" = protocol=6 | dir=in | app=c:\users\win7\desktop\triagonmt2\.triagonmt2.exe | 
"TCP Query User{48D3F9E1-99DC-4D4F-BF4D-8DC50B183ADF}C:\users\win7\desktop\hardcore-reloaded\metin2client.bin" = protocol=6 | dir=in | app=c:\users\win7\desktop\hardcore-reloaded\metin2client.bin | 
"TCP Query User{6EF9FB64-3DC1-4EFB-AA66-BA36F37B1842}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"TCP Query User{77E18119-F09F-477A-ABB6-57BED8A3BF6E}C:\users\win7\desktop\ephesus2\ephesus2.exe" = protocol=6 | dir=in | app=c:\users\win7\desktop\ephesus2\ephesus2.exe | 
"TCP Query User{81494DE4-67FA-4DC0-B876-979F7A416D2E}C:\users\win7\desktop\hardcore-reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\win7\desktop\hardcore-reloaded\.hardcore reloaded.exe | 
"TCP Query User{93001756-CE9A-4DB7-B5B1-31084C7EAB8A}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{959E6CF1-1C7B-44F5-8790-1230C15586F8}C:\users\win7\desktop\triagonmt2\.triagonmt2.exe" = protocol=6 | dir=in | app=c:\users\win7\desktop\triagonmt2\.triagonmt2.exe | 
"TCP Query User{B5792798-EAF2-4BF9-A573-9F8D82FCC882}C:\aeriagames\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\aeriagames\gunz\gunz.exe | 
"TCP Query User{B88B52C4-5FC3-4111-9AB2-8EDA079AA748}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{DAF27D3E-FD72-4D41-9FF1-2CAFF44B62E8}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{EFB2D7DE-E6AE-4072-A334-4CF021BE5EAE}C:\users\win7\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\win7\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{079D017E-2523-429B-9A94-8377DEECEC61}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{1B701B2A-E0CA-419C-A998-28794B4786A4}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{1EDC89D0-A130-4797-8AAB-F5028AD8BB1B}C:\users\win7\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\win7\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{1FD48B74-A891-4514-9B7D-622105730826}C:\users\win7\desktop\hardcore-reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\win7\desktop\hardcore-reloaded\.hardcore reloaded.exe | 
"UDP Query User{645F70F1-050C-4503-91A5-45FD44765902}C:\aeriagames\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\aeriagames\gunz\gunz.exe | 
"UDP Query User{684904F8-70E7-4343-8849-359CA05EC05F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{728C82DC-6779-418B-8DDC-6D51283F5C47}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{9BA282A3-A24E-4AFC-91D3-4F3B5AE26EA7}C:\users\win7\desktop\triagonmt2\.triagonmt2.exe" = protocol=17 | dir=in | app=c:\users\win7\desktop\triagonmt2\.triagonmt2.exe | 
"UDP Query User{A8125DA6-0763-4C96-8CE1-D870AE490F74}C:\program files (x86)\steam\steamapps\tr_playa12\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tr_playa12\team fortress 2\hl2.exe | 
"UDP Query User{BE86DA0E-C41B-4285-ADD9-B878AC135B9F}C:\users\win7\desktop\ephesus2\ephesus2.exe" = protocol=17 | dir=in | app=c:\users\win7\desktop\ephesus2\ephesus2.exe | 
"UDP Query User{D36AB19D-1F57-4AD7-A347-D577BA5BE6FB}C:\users\win7\desktop\hardcore-reloaded\metin2client.bin" = protocol=17 | dir=in | app=c:\users\win7\desktop\hardcore-reloaded\metin2client.bin | 
"UDP Query User{E0E1DDF9-BC9D-4F3B-B710-6A6045828725}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"UDP Query User{F606269F-9C71-46D5-89D1-BA0D4807A5C2}C:\users\win7\desktop\triagonmt2\.triagonmt2.exe" = protocol=17 | dir=in | app=c:\users\win7\desktop\triagonmt2\.triagonmt2.exe | 
"UDP Query User{FBEA5BC6-FE69-4F58-99CA-A962ED08FF08}C:\users\win7\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\win7\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CAFBA1E-D090-3F1F-662D-9828FD4D8E4D}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86E42509-8029-7678-F522-0636D80CD277}" = ATI AVIVO64 Codecs
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1B7710D4-9D75-D5E5-4B6D-40F471E70398}" = HydraVision
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{287EAC0F-6C96-4712-97A6-958510872CBB}" = Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57AC79C8-157E-403A-A8D0-DD74EF71BAE2}" = Catalyst Control Center - Branding
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{72376EB6-0189-45B3-A4F6-823F549697C3}" = MOUSE Editor
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{8334930A-9405-467B-9498-1EBC1878A09D}" = AMD VISION Engine Control Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8CC928F6-93A2-D49D-E253-532C2FF053A1}" = Catalyst Control Center Profiles Desktop
"{8CFF08EF-CDF7-C328-AD6B-10BD2E1D1D73}" = CCC Help German
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90157C5D-D791-4D36-8C2B-7553DC01D601}" = ASUS VGA Driver
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF9CA86D-83FA-C143-F9C8-EAB535B8B78C}" = Catalyst Control Center Localization All
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface
"AVMWLANCLI" = AVM FRITZ!WLAN
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{72376EB6-0189-45B3-A4F6-823F549697C3}" = Mouse Editor
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"NosTale(DE)_is1" = Nostale(DE)
"SpeedFan" = SpeedFan (remove only)
"Steam App 440" = Team Fortress 2
"TeamViewer 7" = TeamViewer 7
"xvid" = XviD MPEG-4 Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.05.2013 15:03:42 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 15:19:32 | Computer Name = Win7-PC | Source = ESENT | ID = 455
Description = Catalog Database (948) Catalog Database: Fehler -1811 (0xfffff8ed)
 beim Öffnen von Protokolldatei C:\Windows\system32\CatRoot2\edb.log.
 
Error - 08.05.2013 15:19:32 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 15:19:32 | Computer Name = Win7-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -528.
 
Error - 08.05.2013 15:28:44 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 15:32:48 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 15:58:28 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 16:10:57 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 16:24:49 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 16:45:03 | Computer Name = Win7-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: ATKDispCPL.dll, Version: 7.14.10.305,
 Zeitstempel: 0x4bb492f3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000012cf5
ID
 des fehlerhaften Prozesses: 0x9cc  Startzeit der fehlerhaften Anwendung: 0x01ce4c29e9dc66c9
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\ATKDispCPL.dll  Berichtskennung: 28472b78-b820-11e2-8e97-c8600057e361
 
[ System Events ]
Error - 08.05.2013 16:45:20 | Computer Name = Win7-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 08.05.2013 16:45:23 | Computer Name = Win7-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 09.05.2013 06:38:10 | Computer Name = Win7-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.05.2013 06:38:11 | Computer Name = Win7-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 09.05.2013 06:38:11 | Computer Name = Win7-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\Rtlihvs.dll  Fehlercode: 126  
 
Error - 09.05.2013 06:38:12 | Computer Name = Win7-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.05.2013 06:38:12 | Computer Name = Win7-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 09.05.2013 06:38:12 | Computer Name = Win7-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
 beendet:   %%126
 
Error - 09.05.2013 06:38:12 | Computer Name = Win7-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PnkBstrA" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.05.2013 06:38:17 | Computer Name = Win7-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avipbb  avkmgr  molgpzc
 
 
< End of report >
         
--- --- ---
__________________

Geändert von Jumper741 (09.05.2013 um 11:43 Uhr)

Alt 09.05.2013, 18:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Vermährte Prozesse - Standard

Vermährte Prozesse



Hatte Malwarebytes was gefunden? Wenn ja, wo sind die Logs?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Vermährte Prozesse
acrobat update, cmd.exe, console, hilfe!, hilfe!!, langsam, pc langsam, plug-in, problem, prozess, prozesse, spinn, spinnt, standart, vermehren, virus ?




Ähnliche Themen: Vermährte Prozesse


  1. verschiedene prozesse .exe *32
    Log-Analyse und Auswertung - 21.07.2013 (20)
  2. Merkwürdige Prozesse
    Plagegeister aller Art und deren Bekämpfung - 24.09.2008 (4)
  3. Mehrere IE Prozesse
    Log-Analyse und Auswertung - 12.09.2008 (0)
  4. Prozesse analysieren?!?!
    Plagegeister aller Art und deren Bekämpfung - 10.09.2008 (3)
  5. Überflüssige Prozesse?
    Log-Analyse und Auswertung - 17.07.2008 (3)
  6. Prozesse stürzen ab
    Mülltonne - 05.07.2008 (0)
  7. Zu viele Prozesse?
    Log-Analyse und Auswertung - 27.03.2008 (5)
  8. was sind das für prozesse?!?!?!
    Mülltonne - 22.03.2008 (2)
  9. prozesse-fragen
    Alles rund um Windows - 23.12.2007 (2)
  10. Zu viele Prozesse?
    Log-Analyse und Auswertung - 13.11.2007 (9)
  11. Nervende Prozesse
    Plagegeister aller Art und deren Bekämpfung - 04.11.2007 (10)
  12. Iexplorer Prozesse
    Log-Analyse und Auswertung - 21.11.2006 (2)
  13. 5 böse Prozesse
    Log-Analyse und Auswertung - 03.10.2006 (4)
  14. Seltsame Prozesse
    Plagegeister aller Art und deren Bekämpfung - 20.09.2006 (3)
  15. Prozesse über prozesse
    Log-Analyse und Auswertung - 15.11.2005 (2)
  16. Komische Prozesse?!?
    Plagegeister aller Art und deren Bekämpfung - 27.04.2005 (32)
  17. Win 2k Prozesse
    Alles rund um Windows - 04.01.2004 (0)

Zum Thema Vermährte Prozesse - Hallo, ich habe ein Problem wennzwar mein Prozesse Vermehren sich pro sec um 5.prozesse All standart Prozesse sind da, und 1000 gleiche von 2.arte 1. cmd.exe und 2.. Conhost.exe (consolen-host) - Vermährte Prozesse...
Archiv
Du betrachtest: Vermährte Prozesse auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.