
Pests of all kinds and how to fight them: Keyboard is acting up and every key opens something different

24.01.2013, 20:52   #1
skuj
 
Hello, for some time now I have had a problem with my laptop (Win7): sometimes it switches, so to speak, into a mode in which every key on my keyboard has a "command". For example, when I press 1-9, the programs at the bottom of my taskbar open. I have the feeling that this could be a trojan or something similar.

Kind regards

Sven

PS: This is my first post here, sorry if I did something wrong.

26.01.2013, 21:37   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make it harder for me to evaluate them!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will result in your topic being closed. I, too, have a life outside Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users box at the top center
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
27.01.2013, 15:32   #3
skuj
 
Thank you very much for your help. I ran the scan and got these 2 files:

OTL:
Code:
OTL logfile created on: 27.01.2013 16:06:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sven\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 34,99% Memory free
7,08 Gb Paging File | 1,49 Gb Available in Paging File | 21,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 555,07 Gb Total Space | 315,89 Gb Free Space | 56,91% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 19,65 Gb Free Space | 49,12% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 69,78 Mb Free Space | 69,78% Space Free | Partition Type: NTFS
Drive G: | 6,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SVEN-PC | User Name: Sven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Programme\Ad Muncher\AdMunch.exe (Murray Hurps Software Pty Ltd)
PRC - C:\Programme\Steam\steam.exe (Valve Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\LOLReplay\LOLRecorder.exe (LOL Replay)
PRC - C:\Users\Sven\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Users\Sven\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe ()
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.0.233\deploy\LolClient.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Steam\sdl.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Users\Sven\AppData\Local\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Sven\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Sven\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll ()
MOD - C:\Users\Sven\AppData\Local\Google\Chrome\Application\24.0.1312.56\libglesv2.dll ()
MOD - C:\Users\Sven\AppData\Local\Google\Chrome\Application\24.0.1312.56\libegl.dll ()
MOD - C:\Users\Sven\AppData\Local\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a013e3b347de5b1b608daebdff0d46c0\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\Orbitdownloader\wtlctrl.dll ()
MOD - C:\Programme\LOLReplay\Air.dll ()
MOD - C:\Programme\LOLReplay\LOLUtils.dll ()
MOD - C:\Programme\LOLReplay\Compression.dll ()
MOD - C:\Programme\LOLReplay\Launcher.dll ()
MOD - C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe ()
MOD - C:\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.0.233\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll ()
MOD - C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe ()
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Programme\ManyCam\Bin\opencv_imgproc220.dll ()
MOD - C:\Programme\ManyCam\Bin\opencv_core220.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (OverwolfUpdaterService) -- C:\Program Files\Overwolf\\OverwolfUpdater.exe ()
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva400) -- C:\Windows\system32\XDva400.sys File not found
DRV - (XDva399) -- C:\Windows\system32\XDva399.sys File not found
DRV - (XDva398) -- C:\Windows\system32\XDva398.sys File not found
DRV - (XDva394) -- C:\Windows\system32\XDva394.sys File not found
DRV - (pfsvgae) -- C:\Users\Sven\AppData\Local\Temp\pfsvgae.sys File not found
DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (Notebook Hardware Control)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (mcaudrv_simple) -- C:\Windows\System32\drivers\mcaudrv.sys (ManyCam LLC)
DRV - (ManyCam) -- C:\Windows\System32\drivers\mcvidrv.sys (ManyCam LLC)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9bc0b948-56a1-494d-98e0-01b529cb8230&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE A1 97 AB F1 71 CD 01  [binary data]
IE - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9bc0b948-56a1-494d-98e0-01b529cb8230&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9bc0b948-56a1-494d-98e0-01b529cb8230&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000\..\SearchScopes,DefaultScope = {438889EC-C7FB-4B3A-8FB8-37D781D16451}
IE - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9bc0b948-56a1-494d-98e0-01b529cb8230&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000\..\SearchScopes\{438889EC-C7FB-4B3A-8FB8-37D781D16451}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://search.orbitdownloader.com"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sven\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sven\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.30 17:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 02:07:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 02:07:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.01.28 18:13:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven\AppData\Roaming\mozilla\Extensions
[2012.12.30 17:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\ce5mnlgq.default-1352899171588\extensions
[2012.11.14 21:24:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\ce5mnlgq.default-1352899171588\extensions\ich@maltegoetz.de
[2012.11.16 16:46:57 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Sven\AppData\Roaming\mozilla\firefox\profiles\ce5mnlgq.default-1352899171588\extensions\adblockpopups@jessehakanen.net.xpi
[2012.11.23 20:00:37 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Sven\AppData\Roaming\mozilla\firefox\profiles\ce5mnlgq.default-1352899171588\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.14 22:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.14 22:26:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.20 02:07:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 19:40:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9bc0b948-56a1-494d-98e0-01b529cb8230&affid=110774&searchtype=hp&babsrc=lnkry
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9bc0b948-56a1-494d-98e0-01b529cb8230&affid=110774&searchtype=hp&babsrc=lnkry
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sven\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sven\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sven\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\npBFHUpdater.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\BFHUpdater.exe
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Sven\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sven\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.1_0\
CHR - Extension: YouTube = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: Collusion for Chrome = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp\2.1.0_0\
CHR - Extension: Collusion for Chrome = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp\2.2.0_0\
CHR - Extension: AdBlock = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
CHR - Extension: Battlefield Heroes = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.145.0_0\
CHR - Extension: Unfriend Finder = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\kddnblacojpnmjdlpnndlcamnmmkfina\40_0\
CHR - Extension: Skype Click to Call = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Happy Wheels = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdngafdeknonigdklkdlolkefpigejp\13.2334.9140_0\
CHR - Extension: Google Mail-Checker = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: YouTube Unblocker = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.3.2_0\
CHR - Extension: ScriptSafe = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.13_0\
CHR - Extension: Google Mail = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe (Murray Hurps Software Pty Ltd)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000..\Run: [Akamai NetSession Interface] C:\Users\Sven\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2244780475-1715967683-3346739000-1000..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Play League of Legends.lnk = C:\Riot Games\League of Legends\lol.launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94507E94-BDF5-4278-ACEC-CE2B6D75FEFA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9563869-970B-4185-9BFF-B51DC3754A89}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.09.21 19:29:47 | 000,654,872 | R--- | M] (Black Hole Entertainment) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011.08.24 23:21:49 | 000,000,093 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011.09.16 20:24:38 | 005,852,582 | R--- | M] () - G:\Autorun.orc -- [ UDF ]
O33 - MountPoints2\{83c75815-9a86-11e1-ab7b-0022200bbb15}\Shell - "" = AutoRun
O33 - MountPoints2\{83c75815-9a86-11e1-ab7b-0022200bbb15}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b1bd0870-7f12-11e1-9074-0022200bbb15}\Shell - "" = AutoRun
O33 - MountPoints2\{b1bd0870-7f12-11e1-9074-0022200bbb15}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2011.09.21 19:29:47 | 000,654,872 | R--- | M] (Black Hole Entertainment)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.27 15:19:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sven\Desktop\OTL.exe
[2013.01.23 22:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.23 19:15:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.23 19:15:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.23 19:15:07 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.18 18:50:32 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Roaming\Auslogics
[2013.01.18 18:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013.01.18 18:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013.01.15 14:46:47 | 000,000,000 | RH-D | C] -- C:\Users\Sven\AppData\Roaming\SecuROM
[2013.01.14 22:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.14 21:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2013.01.14 21:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\osu!
[2013.01.14 21:29:21 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Roaming\Downloaded Installations
[2013.01.14 15:23:22 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.14 15:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.09 14:16:28 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 14:13:26 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.01.09 14:13:26 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.09 14:13:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 14:13:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 14:13:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 14:13:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 14:13:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 14:13:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 14:13:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 14:13:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 14:13:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 14:13:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 14:13:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 14:13:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 14:13:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 14:13:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 14:13:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 14:13:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 14:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 14:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 14:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 14:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 14:13:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 14:13:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 14:13:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 14:13:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 14:13:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 14:13:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 14:13:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 14:13:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 14:12:45 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.01.09 14:12:45 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013.01.09 14:12:45 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013.01.09 14:12:45 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013.01.09 14:12:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013.01.09 14:12:45 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013.01.09 14:12:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013.01.09 14:12:45 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013.01.09 14:12:45 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013.01.09 14:12:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013.01.09 14:12:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013.01.09 14:12:45 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013.01.09 14:12:43 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013.01.09 14:12:43 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013.01.09 14:12:43 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013.01.09 14:12:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013.01.09 14:12:00 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 14:11:59 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013.01.07 16:11:47 | 000,000,000 | ---D | C] -- C:\Users\Sven\Neuer Ordner
[2012.12.30 17:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.12.30 17:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.12.30 17:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.27 15:43:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.27 15:32:05 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2244780475-1715967683-3346739000-1000UA.job
[2013.01.27 12:58:12 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 12:58:12 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 12:50:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.27 12:50:22 | 2406,924,288 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.26 22:32:09 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2244780475-1715967683-3346739000-1000Core.job
[2013.01.26 16:28:01 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.26 16:28:01 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.26 16:28:01 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.26 16:28:01 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.21 19:08:51 | 000,011,740 | ---- | M] () -- C:\Users\Sven\Desktop\schulpraktikums info email.odt
[2013.01.12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.11 20:49:44 | 000,065,558 | ---- | M] () -- C:\Users\Sven\Desktop\Ba dum tssshhh.mp3
[2013.01.10 17:44:24 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.10 17:44:24 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.10 15:42:35 | 000,294,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.07 16:44:08 | 004,787,848 | ---- | M] () -- C:\Users\Sven\Desktop\Requiem for a Dream Soundtrack.mp3
[2013.01.03 23:06:39 | 006,875,575 | ---- | M] () -- C:\Users\Sven\Desktop\[Drumstep] - Krewella - One Minute (DotEXE 'Dopest Dope' Remix) [Monstercat Release].mp3
[2012.12.30 17:36:12 | 006,485,251 | ---- | M] () -- C:\Users\Sven\Desktop\Will.i.am - Scream And Shout Ft. Britney Spears (Lyrics on screen).mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.21 19:08:50 | 000,011,740 | ---- | C] () -- C:\Users\Sven\Desktop\schulpraktikums info email.odt
[2013.01.21 15:46:02 | 000,473,017 | ---- | C] () -- C:\Users\Sven\Desktop\722412_121966781309003_19094_n.mp4
[2013.01.11 20:49:41 | 000,065,558 | ---- | C] () -- C:\Users\Sven\Desktop\Ba dum tssshhh.mp3
[2013.01.07 16:43:47 | 004,787,848 | ---- | C] () -- C:\Users\Sven\Desktop\Requiem for a Dream Soundtrack.mp3
[2013.01.03 23:06:15 | 006,875,575 | ---- | C] () -- C:\Users\Sven\Desktop\[Drumstep] - Krewella - One Minute (DotEXE 'Dopest Dope' Remix) [Monstercat Release].mp3
[2012.12.30 17:35:46 | 006,485,251 | ---- | C] () -- C:\Users\Sven\Desktop\Will.i.am - Scream And Shout Ft. Britney Spears (Lyrics on screen).mp3
[2012.10.18 19:29:04 | 661,708,776 | ---- | C] () -- C:\Users\Sven\Cossacks.Back.to.War.-.dev.rar
[2012.10.18 19:26:45 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.10.06 13:15:57 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.10.06 13:15:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.07.18 11:33:23 | 000,007,605 | ---- | C] () -- C:\Users\Sven\AppData\Local\Resmon.ResmonCfg
[2012.07.05 18:35:48 | 000,026,897 | ---- | C] () -- C:\Windows\SETUP1.EXE
[2012.06.24 15:25:32 | 000,022,568 | ---- | C] () -- C:\Users\Sven\.recently-used.xbel
[2012.06.22 17:54:18 | 000,000,103 | ---- | C] () -- C:\Windows\asciiart.ini
[2012.04.16 19:31:33 | 000,000,022 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012.03.25 00:01:38 | 000,001,247 | ---- | C] () -- C:\Users\Sven\AppData\Local\recently-used.xbel
[2012.03.02 17:45:11 | 000,005,120 | ---- | C] () -- C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.04 22:21:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2012.01.30 20:51:22 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2012.01.28 22:32:25 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.01.28 22:32:25 | 000,138,056 | ---- | C] () -- C:\Users\Sven\AppData\Roaming\PnkBstrK.sys
[2012.01.28 22:31:59 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.01.28 22:31:57 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.01.28 17:08:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.26 18:10:49 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\.minecraft
[2012.10.15 18:48:07 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Aeria Games & Entertainment
[2013.01.18 23:12:50 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Auslogics
[2012.12.16 03:27:35 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\BitTorrent
[2012.12.29 13:45:17 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\DAEMON Tools Lite
[2013.01.14 21:29:21 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Downloaded Installations
[2012.12.30 17:27:18 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\DVDVideoSoft
[2012.12.30 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.07 19:20:38 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\FOG Downloader
[2012.01.28 21:38:52 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\GrabPro
[2012.06.24 15:25:32 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\gtk-2.0
[2012.07.19 15:16:25 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Hive Cluster
[2012.03.05 13:39:26 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\ICQ
[2012.03.24 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\inkscape
[2012.06.23 16:25:58 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\IrfanView
[2012.01.31 13:20:36 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\LolClient
[2012.05.24 16:35:57 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\LolClient2
[2012.07.24 22:30:11 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\ManyCam
[2012.12.24 14:34:45 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Might & Magic Heroes VI
[2012.12.04 17:59:59 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Notebook Hardware Control
[2012.05.23 14:14:12 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\OpenCandy
[2012.02.15 23:50:42 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\OpenOffice.org
[2013.01.27 16:20:08 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Orbit
[2012.01.28 21:38:56 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\ProgSense
[2012.04.07 19:03:17 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Rovio
[2013.01.20 00:06:48 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\TS3Client
[2013.01.24 21:13:42 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:07BF512B

< End of report >
         
Extras:

Code:
OTL Extras logfile created on: 27.01.2013 16:06:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sven\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 34,99% Memory free
7,08 Gb Paging File | 1,49 Gb Available in Paging File | 21,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 555,07 Gb Total Space | 315,89 Gb Free Space | 56,91% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 19,65 Gb Free Space | 49,12% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 69,78 Mb Free Space | 69,78% Space Free | Partition Type: NTFS
Drive G: | 6,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SVEN-PC | User Name: Sven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00919CCA-25A1-4144-A42B-BE412D9FE392}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0C76361E-0494-4177-9779-875284185EB6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{210DE3A2-B5BD-4691-A85F-8383566C818B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3386370A-19DA-4D47-A359-2B657C4724E4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4313A28D-FD22-4657-8DC9-7FA38B7E9DDB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{485453B5-01BC-4C06-8515-CEE8F45875E7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5528F214-D9D5-4D16-AEF2-BD2FFB07F0E0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{56869EC5-3764-4B89-805F-360501CFCFF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BE5CEC6-FB75-4EB7-AB2C-B20A92E3E01A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6AB78F48-F170-4E44-975A-2AA422745031}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6C43BF9B-B558-4D2D-AFE3-4F5EDBCF2332}" = lport=139 | protocol=6 | dir=in | app=system | 
"{83F2EA89-D95C-4917-B00F-16AC9AB70809}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{94C611CC-CA54-4823-BE74-CB72FC6FDB56}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9827C6E3-22C9-491A-A12F-106283B4D73D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9C41F682-F778-4196-9937-47429A943B92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9E4A8327-A7C0-4B31-9F3B-45FF3B30F1AA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C5ED6975-57C8-48C9-8DEC-0316D4AE80A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D9118EEF-4EA6-4043-A70C-34EC68D81A8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E8033735-2CAA-4A11-8C12-B9DE65A4EDB5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F42686A9-1C7E-4AE7-95D5-75D5A1D5B95B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FB4764BC-DFB4-4126-8115-F956C2884CED}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05DB5CF5-8D27-429E-AE2C-22A158EC6191}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{09C28986-8AFE-419F-B18F-44E1E4916071}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{14D6CDDE-6CBF-48F1-A17B-5756884DF926}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{17A026CC-0169-4C6F-AB61-4FDE00E28130}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1B59F738-CC0D-46D3-ACD2-4114C62F37BB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{1EC11DBF-D70B-42B8-9D35-3E88D141CE6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{21555A25-19C5-46F2-8BFE-126AE04A9D50}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{24B4337C-C54F-4EDE-AC20-7E8E553EB5EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{35D10986-A59D-42EF-96EE-1FA46C445F70}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{3C79BB69-DBC5-4EAF-9EF7-A234347AABF8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4089EC0B-8125-4D67-8CC5-811FC2B5C57B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{454CB394-B616-42D8-8F3B-F7BA462523F5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4649F279-7812-4E68-847D-C9DAA7CF9F41}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{4AEA07C0-C1BB-4E9F-BF71-14E1F38F49B0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{545A8668-0288-4F47-BA2D-63C1549E49E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{56016C28-18FD-4A8C-9767-656D83B7ECF6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5798AAC8-D464-4DA7-BB42-C4897640B87A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{57C82FE7-6CDE-41B0-BC6B-8B6CA63F48CB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{58E179AF-F2DC-44B7-BFCD-DCC0DA053F71}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{5A88894F-0F8B-4141-83C0-3448E597166A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C6B9FF8-8C6D-42D3-8AAD-C78F75034BFB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5F16CF6D-F549-475C-B714-2D1C7B695727}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{6AC0CA1C-4545-4092-8BA7-266220B12362}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{74E19707-898B-4960-BC08-2E8F62F511D9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{758479E6-DEF9-4DD0-84A4-390D8B9B8D2F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{7732E6D2-B41A-4E3A-8FF6-462AE59011C2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7ABFC30A-CCAD-4DC6-B67A-040AA4E35F17}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{80C198C3-C1DF-49EC-8442-4CC961C99564}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8170DAB0-DE40-4B00-82CA-302849A04052}" = protocol=6 | dir=in | app=c:\users\sven\appdata\local\akamai\netsession_win.exe | 
"{8E199857-CD3B-4C04-88C1-B82D5C3BF0BD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"{933E8AA8-DD1F-41C2-9AF8-42645A12A232}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{951750B9-AFA2-4D4F-A25B-517742208120}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{95722A59-F1A5-4FBC-BAC2-60A038F2E44D}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{99E38EE7-35F0-440E-A4D4-886CAB9DA575}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A228B459-E790-4DE6-B6F0-4593BD7EEFAC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A53E7046-8985-4E98-ABAB-173DA164112D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{A5B6AAD2-A62B-459B-9764-84402769886F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{A7B5FF60-22DD-42C0-89D5-152D9CF03056}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AAEBA113-A829-4555-A230-81CE1CEE2CCC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{ACECCB5F-6113-4FDC-BB31-2D153B98D6C4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{AECD3692-6377-4349-AB7A-A0B6CA5DC216}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{B472526D-8E9C-4582-AC77-11C38D0A566A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{C618EFE6-B353-4FD6-AFD2-470BEFB742F6}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{C8B6C6DD-22A4-4B50-A1AE-DB3EA7883D3B}" = protocol=6 | dir=out | app=system | 
"{C8D8EA7F-5055-46AE-98D8-16E68532563B}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{CE4A782E-98D0-4005-B635-C96CE279ECDC}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{D09CA6B2-2030-46D4-A09E-A49072AD9352}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D39426B2-65E6-48FC-8A53-F5CB5E1D4E6F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"{D6E01208-0003-41A5-A7E2-1A0FC79B3B82}" = protocol=17 | dir=in | app=c:\users\sven\appdata\local\akamai\netsession_win.exe | 
"{E4639DD7-2334-4AEE-B521-79217BCB4BDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F62DC05A-1E5B-4CEC-99FD-B61E51F6D58B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F98C892A-8F08-4201-A705-B0883CEBDC66}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{09A916AF-20F3-4A3B-84F3-0CFB30810CF9}C:\program files\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"TCP Query User{13FE2AE4-4206-49E9-BBC8-FFBDCA6151E1}C:\program files\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\dead space 2\deadspace2.exe | 
"TCP Query User{3A008906-3FC5-44F8-88A3-04D86A4C7862}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{3CF670D5-4451-46B8-87E4-70AF9067CDF9}C:\users\sven\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\sven\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{46B65AA1-D546-4979-ADF4-F25DB8AB6514}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"TCP Query User{506DBB25-0ADC-4283-924E-2BFB338654D4}C:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"TCP Query User{6CDEB8F8-B037-494B-BB36-B7FF9AA3456C}C:\games\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\games\portal 2\portal2.exe | 
"TCP Query User{740B6AC2-5D2A-446D-AA36-A4E1532E7FE7}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | 
"TCP Query User{9DD8FA7D-0323-47A6-A90F-C52D0C43B14E}C:\games\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\games\portal 2\portal2.exe | 
"TCP Query User{A0B1AFD6-75CF-489C-A004-BC73952D9423}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{A2D9625B-D904-4541-A798-17C8578A48CA}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{A4F5DB53-9DBA-406B-8F86-A4D2876028E6}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"TCP Query User{FD1225FE-9420-4F2A-A1A6-7B79ACE807DC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{05012DFB-588B-4A91-8413-EE9DD7F3E655}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{214EB5D1-A1FA-4393-BAEB-B8861853A13D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{36477FE4-9F92-4344-9007-A27B94EF9AA3}C:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"UDP Query User{4671A54E-C7A5-4407-B261-7FC3FA93D2D0}C:\program files\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"UDP Query User{64640F4C-746C-4279-AD56-08DBAAA10F45}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{646CFE9D-D3E3-4F8B-BC66-C06BF8C8B47B}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{6CE8F2F2-20E6-4259-A033-BA4FD2465B05}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{70091528-88A4-4283-8E74-F76D347FF76D}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"UDP Query User{946D3084-164C-491E-B289-CD14D3107998}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | 
"UDP Query User{95E5E8CD-BAB6-443F-BEBD-91898AD77ECD}C:\games\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\games\portal 2\portal2.exe | 
"UDP Query User{D72EEA4D-9E7A-4AF1-B8B5-B70BBFF5BBCB}C:\program files\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\dead space 2\deadspace2.exe | 
"UDP Query User{E2305320-DB3A-448E-AC47-05928CEC7297}C:\games\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\games\portal 2\portal2.exe | 
"UDP Query User{EBFB2A34-CA3A-43E5-A0C4-6EC35BBEC701}C:\users\sven\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\sven\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0DE8527A-FE3E-4FCA-A023-D57EF0B796C9}_is1" = Plants vs. Zombies 1.0.4.7924 (by Scar)
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70D3EBFD-C613-49DB-A444-A4BD720DE1E9}" = Linkury Smartbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B014F45E-B71B-4788-8950-BF0A46411DFC}" = S4 League_EU
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{CB594326-2A81-4B1D-AE5B-AA14FE09B1EE}" = Overwolf
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Ad Muncher" = Ad Muncher v4.93.33707
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"ASCII Art - Machine_is1" = ASCII Art - Machine 1.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Cossacks : Back To War" = Cossacks - Back To War
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Earthworm Jim_is1" = Earthworm Jim
"FormatFactory" = FormatFactory 2.90
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"IrfanView" = IrfanView (remove only)
"LOLReplay" = LOLReplay
"ManyCam" = ManyCam 3.0.80 (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Orbit_is1" = Orbit Downloader
"Portal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"Recuva" = Recuva
"StarCraft II" = StarCraft II
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 17300" = Crysis
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2244780475-1715967683-3346739000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2013 14:44:31 | Computer Name = Sven-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 11.01.2013 09:40:06 | Computer Name = Sven-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\alaplaya\S4League\Aegis64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.01.2013 09:40:26 | Computer Name = Sven-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 13.01.2013 05:05:26 | Computer Name = Sven-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 15.01.2013 09:53:18 | Computer Name = Sven-PC | Source = Application Hang | ID = 1002
Description = Programm crysis.exe, Version 1.1.1.6156 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 438    Startzeit: 
01cdf326b2842598    Endzeit: 598    Anwendungspfad: C:\Program Files\Steam\steamapps\common\Crysis\bin32\crysis.exe

Berichts-ID:
   
 
Error - 18.01.2013 17:48:05 | Computer Name = Sven-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: League Of Legends.exe, Version: 1.0.0.154,
 Zeitstempel: 0x50f5f2eb  Name des fehlerhaften Moduls: League Of Legends.exe, Version:
 1.0.0.154, Zeitstempel: 0x50f5f2eb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x003197ea
ID
 des fehlerhaften Prozesses: 0x1968  Startzeit der fehlerhaften Anwendung: 0x01cdf5c54ff71089
Pfad
 der fehlerhaften Anwendung: C:\Users\Sven\Documents\LOLReplay\data\1.0.0.154\League
 Of Legends.exe  Pfad des fehlerhaften Moduls: C:\Users\Sven\Documents\LOLReplay\data\1.0.0.154\League
 Of Legends.exe  Berichtskennung: bd00fedd-61b8-11e2-af03-0022200bbb15
 
Error - 19.01.2013 15:35:06 | Computer Name = Sven-PC | Source = BugSplat | ID = 1
Description = 
 
Error - 22.01.2013 11:06:58 | Computer Name = Sven-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 23.01.2013 11:37:01 | Computer Name = Sven-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\alaplaya\S4League\Aegis64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.01.2013 11:37:25 | Computer Name = Sven-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 22.07.2012 10:21:12 | Computer Name = Sven-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 22.07.2012 10:22:52 | Computer Name = Sven-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 22.07.2012 10:36:58 | Computer Name = Sven-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 22.07.2012 10:37:31 | Computer Name = Sven-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 22.07.2012 10:38:05 | Computer Name = Sven-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 22.07.2012 10:38:35 | Computer Name = Sven-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 22.07.2012 10:40:29 | Computer Name = Sven-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 22.07.2012 10:41:06 | Computer Name = Sven-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 22.07.2012 10:50:57 | Computer Name = Sven-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 22.07.2012 10:52:58 | Computer Name = Sven-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
And I have the feeling my PC has become slower, and some atiedxx.exe is running that I can't close, I mean in the process list.

28.01.2013, 09:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do you have any other logs from virus scanners (with detections)? Malwarebytes and/or other virus scanners?
The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; for now, only post logs that already exist!

28.01.2013, 13:16   #5
skuj

I found another log file, from Auslogics BoostSpeed:

Code:
ATTFilter
18.01.2013 21:29:41:914 >> Begin check serial number
18.01.2013 21:29:41:923 -- Process List
18.01.2013 21:29:41:924 [System Process]
18.01.2013 21:29:41:925 System
18.01.2013 21:29:41:925 C:\Windows\System32\smss.exe
18.01.2013 21:29:41:926 C:\Windows\System32\csrss.exe
18.01.2013 21:29:41:926 C:\Windows\System32\wininit.exe
18.01.2013 21:29:41:927 C:\Windows\System32\csrss.exe
18.01.2013 21:29:41:928 C:\Windows\System32\services.exe
18.01.2013 21:29:41:928 C:\Windows\System32\lsass.exe
18.01.2013 21:29:41:929 C:\Windows\System32\lsm.exe
18.01.2013 21:29:41:929 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:930 C:\Windows\System32\winlogon.exe
18.01.2013 21:29:41:930 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:931 C:\Windows\System32\atiesrxx.exe
18.01.2013 21:29:41:931 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:932 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:933 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:933 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:934 C:\Windows\System32\atieclxx.exe
18.01.2013 21:29:41:934 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:935 C:\Windows\System32\spoolsv.exe
18.01.2013 21:29:41:935 C:\Program Files\Avira\AntiVir Desktop\sched.exe
18.01.2013 21:29:41:936 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:937 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:937 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18.01.2013 21:29:41:938 C:\Windows\System32\PnkBstrA.exe
18.01.2013 21:29:41:939 C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18.01.2013 21:29:41:940 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:941 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
18.01.2013 21:29:41:941 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
18.01.2013 21:29:41:942 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
18.01.2013 21:29:41:943 C:\Windows\System32\conhost.exe
18.01.2013 21:29:41:944 C:\Windows\System32\SearchIndexer.exe
18.01.2013 21:29:41:945 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:945 C:\Windows\System32\dwm.exe
18.01.2013 21:29:41:946 C:\Windows\System32\taskhost.exe
18.01.2013 21:29:41:947 C:\Windows\explorer.exe
18.01.2013 21:29:41:947 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
18.01.2013 21:29:41:948 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
18.01.2013 21:29:41:949 C:\Program Files\Common Files\Java\Java Update\jusched.exe
18.01.2013 21:29:41:951 C:\Program Files\Ad Muncher\AdMunch.exe
18.01.2013 21:29:41:952 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
18.01.2013 21:29:41:952 C:\Program Files\Windows Sidebar\sidebar.exe
18.01.2013 21:29:41:953 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
18.01.2013 21:29:41:954 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:954 C:\Program Files\Windows Media Player\wmpnetwk.exe
18.01.2013 21:29:41:955 C:\Program Files\Skype\Phone\Skype.exe
18.01.2013 21:29:41:956 C:\Users\Sven\AppData\Local\Akamai\netsession_win.exe
18.01.2013 21:29:41:957 C:\Program Files\Steam\steam.exe
18.01.2013 21:29:41:958 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:959 C:\Program Files\LOLReplay\LOLRecorder.exe
18.01.2013 21:29:41:960 C:\Users\Sven\AppData\Local\Akamai\netsession_win.exe
18.01.2013 21:29:41:960 C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe
18.01.2013 21:29:41:961 C:\Windows\System32\dllhost.exe
18.01.2013 21:29:41:962 C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe
18.01.2013 21:29:41:963 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:964 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:965 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:966 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:966 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:967 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:967 C:\Windows\System32\svchost.exe
18.01.2013 21:29:41:968 C:\Program Files\Common Files\Steam\SteamService.exe
18.01.2013 21:29:41:969 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:969 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:970 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:970 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:971 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:971 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:972 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:973 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:973 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:974 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:975 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:976 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:976 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:977 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:977 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:978 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:978 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:979 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:980 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:980 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:981 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:981 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:982 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:982 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:983 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:984 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:984 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:985 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
18.01.2013 21:29:41:985 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:986 C:\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.0.232\deploy\LolClient.exe
18.01.2013 21:29:41:987 C:\Windows\System32\taskhost.exe
18.01.2013 21:29:41:987 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18.01.2013 21:29:41:988 C:\Program Files\Mozilla Firefox\firefox.exe
18.01.2013 21:29:41:989 C:\Program Files\Mozilla Firefox\plugin-container.exe
18.01.2013 21:29:41:990 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
18.01.2013 21:29:41:992 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
18.01.2013 21:29:41:993 C:\Windows\System32\WUDFHost.exe
18.01.2013 21:29:41:993 C:\Users\Sven\Desktop\Notebook Hardware Control 2.4.3\nhc.exe
18.01.2013 21:29:41:994 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
18.01.2013 21:29:41:995 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:29:41:995 C:\Program Files\Orbitdownloader\orbitdm.exe
18.01.2013 21:29:41:996 C:\Program Files\Orbitdownloader\orbitnet.exe
18.01.2013 21:29:41:996 audiodg.exe
18.01.2013 21:29:41:997 C:\Windows\System32\SearchProtocolHost.exe
18.01.2013 21:29:42:001 C:\Windows\System32\SearchFilterHost.exe
18.01.2013 21:29:42:002 C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
18.01.2013 21:29:42:003 C:\Windows\System32\wbem\WmiPrvSE.exe
18.01.2013 21:29:42:004 C:\Windows\System32\wbem\WmiApSrv.exe
18.01.2013 21:29:42:005 -- Process List
18.01.2013 21:29:42:006 Version is not registered
18.01.2013 21:29:42:006 << End check serial number
18.01.2013 21:46:29:961 >> Begin check serial number
18.01.2013 21:46:29:981 -- Process List
18.01.2013 21:46:29:982 [System Process]
18.01.2013 21:46:29:983 System
18.01.2013 21:46:29:984 C:\Windows\System32\smss.exe
18.01.2013 21:46:29:985 C:\Windows\System32\csrss.exe
18.01.2013 21:46:29:986 C:\Windows\System32\wininit.exe
18.01.2013 21:46:29:986 C:\Windows\System32\csrss.exe
18.01.2013 21:46:29:987 C:\Windows\System32\services.exe
18.01.2013 21:46:29:988 C:\Windows\System32\lsass.exe
18.01.2013 21:46:29:989 C:\Windows\System32\lsm.exe
18.01.2013 21:46:29:990 C:\Windows\System32\svchost.exe
18.01.2013 21:46:29:991 C:\Windows\System32\winlogon.exe
18.01.2013 21:46:29:991 C:\Windows\System32\svchost.exe
18.01.2013 21:46:29:992 C:\Windows\System32\atiesrxx.exe
18.01.2013 21:46:29:993 C:\Windows\System32\svchost.exe
18.01.2013 21:46:29:993 C:\Windows\System32\svchost.exe
18.01.2013 21:46:29:994 C:\Windows\System32\svchost.exe
18.01.2013 21:46:29:995 C:\Windows\System32\svchost.exe
18.01.2013 21:46:29:995 C:\Windows\System32\atieclxx.exe
18.01.2013 21:46:29:996 C:\Windows\System32\svchost.exe
18.01.2013 21:46:29:997 C:\Windows\System32\spoolsv.exe
18.01.2013 21:46:29:998 C:\Program Files\Avira\AntiVir Desktop\sched.exe
18.01.2013 21:46:29:999 C:\Windows\System32\svchost.exe
18.01.2013 21:46:30:000 C:\Windows\System32\svchost.exe
18.01.2013 21:46:30:000 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18.01.2013 21:46:30:001 C:\Windows\System32\PnkBstrA.exe
18.01.2013 21:46:30:002 C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18.01.2013 21:46:30:003 C:\Windows\System32\svchost.exe
18.01.2013 21:46:30:004 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
18.01.2013 21:46:30:005 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
18.01.2013 21:46:30:005 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
18.01.2013 21:46:30:006 C:\Windows\System32\conhost.exe
18.01.2013 21:46:30:006 C:\Windows\System32\SearchIndexer.exe
18.01.2013 21:46:30:007 C:\Windows\System32\svchost.exe
18.01.2013 21:46:30:008 C:\Windows\System32\dwm.exe
18.01.2013 21:46:30:009 C:\Windows\System32\taskhost.exe
18.01.2013 21:46:30:010 C:\Windows\explorer.exe
18.01.2013 21:46:30:011 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
18.01.2013 21:46:30:012 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
18.01.2013 21:46:30:013 C:\Program Files\Common Files\Java\Java Update\jusched.exe
18.01.2013 21:46:30:014 C:\Program Files\Ad Muncher\AdMunch.exe
18.01.2013 21:46:30:015 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
18.01.2013 21:46:30:015 C:\Program Files\Windows Sidebar\sidebar.exe
18.01.2013 21:46:30:016 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
18.01.2013 21:46:30:017 C:\Windows\System32\svchost.exe
18.01.2013 21:46:30:018 C:\Program Files\Windows Media Player\wmpnetwk.exe
18.01.2013 21:46:30:019 C:\Program Files\Skype\Phone\Skype.exe
18.01.2013 21:46:30:020 C:\Users\Sven\AppData\Local\Akamai\netsession_win.exe
18.01.2013 21:46:30:021 C:\Program Files\Steam\steam.exe
18.01.2013 21:46:30:022 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:023 C:\Program Files\LOLReplay\LOLRecorder.exe
18.01.2013 21:46:30:024 C:\Users\Sven\AppData\Local\Akamai\netsession_win.exe
18.01.2013 21:46:30:024 C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe
18.01.2013 21:46:30:025 C:\Windows\System32\dllhost.exe
18.01.2013 21:46:30:027 C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe
18.01.2013 21:46:30:028 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:029 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:030 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:031 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:032 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:033 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:034 C:\Windows\System32\svchost.exe
18.01.2013 21:46:30:035 C:\Program Files\Common Files\Steam\SteamService.exe
18.01.2013 21:46:30:036 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:037 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:038 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:039 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:040 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:041 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:042 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:043 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:043 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:044 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:045 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:046 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:050 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:051 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:052 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:053 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:054 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:055 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:056 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:057 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:058 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:059 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:060 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:061 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:061 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:062 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:063 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:064 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
18.01.2013 21:46:30:065 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:066 C:\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.0.232\deploy\LolClient.exe
18.01.2013 21:46:30:067 C:\Windows\System32\taskhost.exe
18.01.2013 21:46:30:068 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18.01.2013 21:46:30:069 C:\Program Files\Mozilla Firefox\firefox.exe
18.01.2013 21:46:30:069 C:\Program Files\Mozilla Firefox\plugin-container.exe
18.01.2013 21:46:30:070 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
18.01.2013 21:46:30:071 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
18.01.2013 21:46:30:072 C:\Windows\System32\WUDFHost.exe
18.01.2013 21:46:30:073 C:\Users\Sven\Desktop\Notebook Hardware Control 2.4.3\nhc.exe
18.01.2013 21:46:30:074 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
18.01.2013 21:46:30:075 audiodg.exe
18.01.2013 21:46:30:076 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:077 C:\Users\Sven\AppData\Local\Google\Chrome\Application\chrome.exe
18.01.2013 21:46:30:077 C:\Windows\System32\taskeng.exe
18.01.2013 21:46:30:079 C:\Users\Sven\AppData\Roaming\Orbit\AdConfig\tips\need\WinRAR.exe
18.01.2013 21:46:30:080 C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
18.01.2013 21:46:30:081 C:\Windows\System32\wbem\WmiPrvSE.exe
18.01.2013 21:46:30:082 C:\Windows\System32\wbem\WmiApSrv.exe
18.01.2013 21:46:30:083 C:\Windows\System32\wbem\WmiPrvSE.exe
18.01.2013 21:46:30:084 -- Process List
18.01.2013 21:46:30:160 Load data. Cannot open reg key "80000001:\Software\Auslogics\Activation System". Error: 0x000000A1. Message: Der angegebene Pfadname ist ungültig
18.01.2013 21:46:30:161 Load data from registry (80000001). DateActivation: 30.12.1899; IsActivated: False; IsSubscription: False; DayExpired: 365; DateLastCheck: 30.12.1899; RequestCount: 0; RequestKeyValid: $00000000; NeedShowDialog: $00000000; RequestDayExpired: 365, 365, 365, 365, 365, 365.
18.01.2013 21:46:30:162 Load data. Cannot open reg key "80000002:\Software\Auslogics\Activation System". Error: 0x000000A1. Message: Der angegebene Pfadname ist ungültig
18.01.2013 21:46:30:162 Load data from registry (80000002). DateActivation: 30.12.1899; IsActivated: False; IsSubscription: False; DayExpired: 365; DateLastCheck: 30.12.1899; RequestCount: 0; RequestKeyValid: $00000000; NeedShowDialog: $00000000; RequestDayExpired: 365, 365, 365, 365, 365, 365.
18.01.2013 21:46:30:171 Begin server request. Activation Status: 0. Serial Number: .
18.01.2013 21:46:30:172 End server request. Activation Status: 0; Result: ERROR; Reason: KEY_NOT_FOUND; KeyType: ; Expires: .
18.01.2013 21:46:30:172 Save data to registry (80000001). DateActivation: 18.01.2013 21:46:30; IsActivated: False; IsSubscription: False; DayExpired: 365; DateLastCheck: 18.01.2013 21:46:30; RequestCount: 1; RequestKeyValid: $00000000; NeedShowDialog: $00000000; RequestDayExpired: 365, 365, 365, 365, 365, 365.
18.01.2013 21:46:30:231 << End check serial number
19.01.2013 01:23:16:974 >> Begin check trial
19.01.2013 01:23:17:630 Load data from "80000001:\Software\Auslogics\Activation System\BoostSpeed.5.x". Exists: True. Type: rdBinary.
19.01.2013 01:23:18:099 Load data from registry (80000001). DateActivation: 18.01.2013 21:46:30; IsActivated: False; IsSubscription: False; DayExpired: 365; DateLastCheck: 18.01.2013 21:46:30; RequestCount: 1; RequestKeyValid: $00000000; NeedShowDialog: $00000000; RequestDayExpired: 365, 365, 365, 365, 365, 365.
19.01.2013 01:23:18:190 Check goto trial. DateActivation: 18.01.2013 21:46:30; IsActivated: False; IsSubscription: False; DayExpired: 365; DateLastCheck: 18.01.2013 21:46:30; RequestCount: 1; RequestKeyValid: $00000000; NeedShowDialog: $00000000; RequestDayExpired: 365, 365, 365, 365, 365, 365.
19.01.2013 01:23:18:190 Save data to registry (80000001). DateActivation: 18.01.2013 21:46:30; IsActivated: False; IsSubscription: False; DayExpired: 365; DateLastCheck: 18.01.2013 21:46:30; RequestCount: 1; RequestKeyValid: $00000000; NeedShowDialog: $00000000; RequestDayExpired: 365, 365, 365, 365, 365, 365.
19.01.2013 01:23:18:191 << End check trial
         


28.01.2013, 13:27   #6
cosinus

That is not a virus scanner!
Were there any other detections or not?

29.01.2013, 18:06   #7
skuj

Not that I know of, but I haven't run an Avira scan in a long time.

29.01.2013, 20:01   #8
cosinus

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.