
Log analysis and evaluation: Internet slower, 2-second performance drops in the system

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
09.03.2013, 14:52   #1
Kawummm
 
Internet slower, 2-second performance drops in the system



Kaspersky found nothing, and Malwarebytes Anti-Malware found nothing either...
But somehow I doubt that everything is fine with the system. In the meantime I have uninstalled every program that I don't absolutely need. I scanned with OTL several times, but it only created the Extra file the first time.


Code:
OTL logfile created on: 09.03.2013 14:22:22 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\musterman\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,04 Gb Available Physical Memory | 87,87% Memory free
31,95 Gb Paging File | 30,17 Gb Available in Paging File | 94,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292,97 Gb Total Space | 187,73 Gb Free Space | 64,08% Space Free | Partition Type: NTFS
Drive D: | 5,52 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 638,54 Gb Total Space | 638,42 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive F: | 931,41 Gb Total Space | 373,32 Gb Free Space | 40,08% Space Free | Partition Type: NTFS
 
Computer Name: WALTRAUD | User Name: musterman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.09 04:07:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\musterman\Desktop\OTL.exe
PRC - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.29 13:12:59 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012.10.27 10:21:29 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\musterman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.14 08:21:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.18 13:35:49 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll
MOD - [2013.01.18 13:35:49 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll
MOD - [2013.01.17 06:26:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.17 06:26:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.17 06:25:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.17 06:25:54 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.17 06:25:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.17 06:25:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.17 06:25:46 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011.04.24 22:13:30 | 007,008,656 | ---- | M] () -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 22:13:28 | 000,192,912 | ---- | M] () -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 22:13:26 | 001,270,160 | ---- | M] () -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 22:13:26 | 000,758,160 | ---- | M] () -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 22:13:24 | 002,118,032 | ---- | M] () -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 22:13:24 | 002,089,360 | ---- | M] () -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 18:56:28 | 000,025,088 | ---- | M] () -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.04.12 08:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.08.12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.29 13:12:59 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012.09.23 16:04:51 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.10.29 13:12:56 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.14 17:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.09.14 17:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.21 07:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010.08.27 18:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.08.10 10:29:15 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.11.02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C B9 DB 70 8E 09 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.29 13:13:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.29 13:13:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.29 13:13:09 | 000,000,000 | ---D | M]
 
[2012.05.12 14:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\musterman\AppData\Roaming\mozilla\Extensions
[2012.10.28 11:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\musterman\AppData\Roaming\mozilla\Firefox\Profiles\5uzon9z5.default\extensions
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\musterman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 20
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - f:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - f:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53490300-55C7-4A60-BD34-F1497A19F73A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4e5b0823-5731-11e1-b4f7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4e5b0823-5731-11e1-b4f7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.09 14:02:18 | 000,000,000 | ---D | C] -- C:\Users\musterman\Desktop\Neuer Ordner (2)
[2013.03.09 13:30:49 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\musterman\Desktop\aswMBR.exe
[2013.03.09 04:07:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\musterman\Desktop\OTL.exe
[2013.03.09 04:03:09 | 000,000,000 | ---D | C] -- C:\Users\musterman\Desktop\ccsetup328
[2013.03.09 03:59:39 | 000,000,000 | ---D | C] -- C:\Users\musterman\AppData\Roaming\Malwarebytes
[2013.03.09 03:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.09 03:59:21 | 000,000,000 | ---D | C] -- C:\Users\musterman\AppData\Local\Programs
[2013.03.09 03:58:41 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\musterman\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.09 00:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.03.08 17:35:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\musterman\Desktop\HiJackThis204.exe
[2013.03.06 17:52:57 | 000,000,000 | ---D | C] -- C:\Users\musterman\Desktop\simc-520-1-win32
[2013.02.13 19:43:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.02.11 18:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.09 14:15:11 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 14:15:11 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 14:13:08 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.09 14:13:08 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.09 14:13:08 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.09 14:13:08 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.09 14:13:08 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.09 14:07:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.09 14:07:46 | 4275,281,918 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.09 13:50:23 | 000,000,000 | ---- | M] () -- C:\Users\musterman\defogger_reenable
[2013.03.09 13:48:00 | 000,377,856 | ---- | M] () -- C:\Users\musterman\Desktop\0l1lj23z.exe
[2013.03.09 13:43:24 | 000,050,477 | ---- | M] () -- C:\Users\musterman\Desktop\Defogger.exe
[2013.03.09 13:32:06 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\musterman\Desktop\aswMBR.exe
[2013.03.09 04:44:49 | 111,691,960 | ---- | M] () -- C:\Users\musterman\Desktop\avast_free_antivirus_setup_8.0.1483.72.exe
[2013.03.09 04:32:40 | 000,000,016 | ---- | M] () -- C:\Users\musterman\AppData\Roaming\mbam.context.scan
[2013.03.09 04:07:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\musterman\Desktop\OTL.exe
[2013.03.09 04:03:04 | 003,966,888 | ---- | M] () -- C:\Users\musterman\Desktop\ccsetup328.zip
[2013.03.09 03:58:54 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\musterman\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.08 17:35:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\musterman\Desktop\HiJackThis204.exe
[2013.03.08 01:29:52 | 000,007,607 | ---- | M] () -- C:\Users\musterman\AppData\Local\Resmon.ResmonCfg
[2013.03.06 01:19:54 | 000,090,622 | ---- | M] () -- C:\Users\musterman\Desktop\149889_PeterPfanne_1.jpg
[2013.03.04 14:48:49 | 000,021,780 | ---- | M] () -- C:\Users\musterman\Desktop\1-s2.0-S0090429507003652-gr2.jpg
[2013.02.28 21:19:49 | 000,080,160 | ---- | M] () -- C:\Users\musterman\Desktop\8.jpg
[2013.02.25 23:09:59 | 000,033,144 | ---- | M] () -- C:\Users\musterman\Desktop\7.jpg
[2013.02.25 22:53:20 | 000,435,402 | ---- | M] () -- C:\Users\musterman\Desktop\6.jpg
[2013.02.25 22:13:46 | 000,221,009 | ---- | M] () -- C:\Users\musterman\Desktop\joa.jpg
[2013.02.25 15:39:12 | 000,505,823 | ---- | M] () -- C:\Users\musterman\Desktop\5.jpg
[2013.02.24 20:32:40 | 000,469,388 | ---- | M] () -- C:\Users\musterman\Desktop\4.jpg
[2013.02.22 22:47:42 | 000,421,844 | ---- | M] () -- C:\Users\musterman\Desktop\2.jpg
[2013.02.22 20:59:57 | 000,425,038 | ---- | M] () -- C:\Users\musterman\Desktop\1.jpg
[2013.02.21 02:40:45 | 000,281,603 | ---- | M] () -- C:\Users\musterman\Desktop\albino.jpg
[2013.02.14 08:20:09 | 000,344,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.09 14:25:36 | 003,035,306 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
 
========== Files Created - No Company Name ==========
 
[2013.03.09 13:50:23 | 000,000,000 | ---- | C] () -- C:\Users\musterman\defogger_reenable
[2013.03.09 13:48:00 | 000,377,856 | ---- | C] () -- C:\Users\musterman\Desktop\0l1lj23z.exe
[2013.03.09 13:43:24 | 000,050,477 | ---- | C] () -- C:\Users\musterman\Desktop\Defogger.exe
[2013.03.09 04:41:53 | 111,691,960 | ---- | C] () -- C:\Users\musterman\Desktop\avast_free_antivirus_setup_8.0.1483.72.exe
[2013.03.09 04:32:40 | 000,000,016 | ---- | C] () -- C:\Users\musterman\AppData\Roaming\mbam.context.scan
[2013.03.09 04:02:59 | 003,966,888 | ---- | C] () -- C:\Users\musterman\Desktop\ccsetup328.zip
[2013.03.08 01:29:52 | 000,007,607 | ---- | C] () -- C:\Users\musterman\AppData\Local\Resmon.ResmonCfg
[2013.03.06 01:19:54 | 000,090,622 | ---- | C] () -- C:\Users\musterman\Desktop\149889_PeterPfanne_1.jpg
[2013.03.04 14:48:49 | 000,021,780 | ---- | C] () -- C:\Users\musterman\Desktop\1-s2.0-S0090429507003652-gr2.jpg
[2013.02.28 21:19:49 | 000,080,160 | ---- | C] () -- C:\Users\musterman\Desktop\8.jpg
[2013.02.26 11:05:16 | 000,221,009 | ---- | C] () -- C:\Users\musterman\Desktop\joa.jpg
[2013.02.26 03:59:47 | 001,957,177 | ---- | C] () -- C:\Users\musterman\Desktop\naja.JPG
[2013.02.25 23:09:59 | 000,033,144 | ---- | C] () -- C:\Users\musterman\Desktop\7.jpg
[2013.02.25 22:53:20 | 000,435,402 | ---- | C] () -- C:\Users\musterman\Desktop\6.jpg
[2013.02.25 15:39:12 | 000,505,823 | ---- | C] () -- C:\Users\musterman\Desktop\5.jpg
[2013.02.24 20:32:40 | 000,469,388 | ---- | C] () -- C:\Users\musterman\Desktop\4.jpg
[2013.02.22 22:47:42 | 000,421,844 | ---- | C] () -- C:\Users\musterman\Desktop\2.jpg
[2013.02.22 20:59:56 | 000,425,038 | ---- | C] () -- C:\Users\musterman\Desktop\1.jpg
[2013.02.21 02:40:45 | 000,281,603 | ---- | C] () -- C:\Users\musterman\Desktop\albino.jpg
[2012.12.08 01:41:48 | 000,003,584 | ---- | C] () -- C:\Users\musterman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.14 12:15:51 | 000,036,625 | ---- | C] () -- C:\Users\musterman\AppData\Local\recently-used.xbel
[2012.06.16 18:54:36 | 000,017,408 | ---- | C] () -- C:\Users\musterman\AppData\Local\WebpageIcons.db
[2012.03.26 13:42:07 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.28 16:09:57 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.02.28 16:09:52 | 000,031,099 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.29 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\musterman\AppData\Roaming\.minecraft
[2012.05.10 19:47:28 | 000,000,000 | ---D | M] -- C:\Users\musterman\AppData\Roaming\ALT.minecraft
[2012.09.23 17:35:52 | 000,000,000 | ---D | M] -- C:\Users\musterman\AppData\Roaming\ICQ
[2012.05.10 20:08:09 | 000,000,000 | ---D | M] -- C:\Users\musterman\AppData\Roaming\Opera
[2013.02.28 18:33:07 | 000,000,000 | ---D | M] -- C:\Users\musterman\AppData\Roaming\Spotify
[2013.03.09 04:57:46 | 000,000,000 | ---D | M] -- C:\Users\musterman\AppData\Roaming\TS3Client
[2012.05.10 23:24:27 | 000,000,000 | ---D | M] -- C:\Users\musterman\AppData\Roaming\ts3overlay
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 3584 bytes -> C:\Users\musterman\Documents\desktop.ini:gs5sys

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 09.03.2013 04:07:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\musterman\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 11,35 Gb Available Physical Memory | 71,04% Memory free
31,95 Gb Paging File | 26,65 Gb Available in Paging File | 83,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292,97 Gb Total Space | 187,53 Gb Free Space | 64,01% Space Free | Partition Type: NTFS
Drive D: | 5,52 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 638,54 Gb Total Space | 638,42 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive F: | 931,41 Gb Total Space | 373,27 Gb Free Space | 40,08% Space Free | Partition Type: NTFS
 
Computer Name: WALTRAUD | User Name: musterman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- F:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- F:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "f:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "f:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "f:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "f:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{096E2D65-0586-4260-A455-0A815D7C0A21}" = protocol=6 | dir=in | app=f:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{0A387FA4-0391-458F-A111-15E55CE6FF8C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steam.exe | 
"{1405EE13-ADD1-4F5C-AEA3-4DB93BB9F615}" = protocol=6 | dir=in | app=f:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{1BE43257-38AA-4532-A194-F6171702D84B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{1D33C657-8376-42BA-A230-B8A2396C55C7}" = protocol=17 | dir=in | app=f:\program files (x86)\torchlight 2\torchlight2.exe | 
"{331C32F9-7BCD-40B8-8CFD-E56D072E2163}" = protocol=6 | dir=in | app=f:\program files (x86)\diablo iii\diablo iii.exe | 
"{3323E32C-7D18-4136-A424-E48DAB002350}" = protocol=6 | dir=in | app=f:\program files (x86)\icq7m\icq.exe | 
"{384A4EBF-4C90-4070-9D79-2384CD2C57A7}" = protocol=6 | dir=in | app=f:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{41BEB28C-6ED7-4C9F-A5D5-AF7A76CA986A}" = protocol=17 | dir=in | app=f:\program files (x86)\opera\opera.exe | 
"{46E63EA2-671B-4914-84FE-08A570FC80D5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{4A034E32-700D-42AD-B8B8-E328862EC5DB}" = protocol=6 | dir=in | app=f:\program files (x86)\torchlight 2\tl2.runic.launcher.exe | 
"{541FABFD-3B8A-403C-B9D8-F4C966746165}" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.patch.exe | 
"{59626208-60FA-4C9C-84DD-7E5C43FDFAFC}" = protocol=17 | dir=in | app=f:\program files (x86)\diablo iii\diablo iii.exe | 
"{5D4FBCCE-ECC5-4614-9F8C-25C0A2C84ADA}" = protocol=6 | dir=in | app=f:\program files (x86)\torchlight 2\torchlight2.exe | 
"{6E66A39F-9CA4-4CD3-B6AF-5B388805D775}" = protocol=17 | dir=in | app=f:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{70CE5AA3-A9E1-4F49-91AC-4D23E2C66B94}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8DEDA93B-2717-4BFD-AB36-0249D8349D1A}" = protocol=6 | dir=in | app=f:\program files (x86)\opera\opera.exe | 
"{8FC434C6-2249-472B-AE15-79CE1C4F1EFE}" = protocol=17 | dir=in | app=f:\program files (x86)\icq7m\icq.exe | 
"{9875D7B3-7B4C-4390-BE2B-1A5A96B6CCC0}" = protocol=17 | dir=in | app=f:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{98BEE4D0-E7C7-4C31-8399-E5C2AB1F7669}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{9C56F393-FFCB-4C97-857F-B4CE738589E9}" = protocol=17 | dir=in | app=f:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{9E871330-7A75-4BCC-AFE7-1F2BC5B24520}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steam.exe | 
"{A0E6F157-D6E3-4CE1-914C-0D199F13B544}" = protocol=17 | dir=in | app=f:\program files (x86)\icq7m\icq.exe | 
"{AF7AAE13-A6A7-4F4F-B0F7-A8C6A0FCBC66}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{B448CD7F-740C-439E-BC53-1E60DBB47527}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{B7EB1072-F030-49C4-921C-8CD2DF37931F}" = protocol=17 | dir=in | app=f:\program files (x86)\opera\opera.exe | 
"{B8EAA5D2-D197-4E41-A5D4-59B5C48342E1}" = protocol=6 | dir=in | app=f:\program files (x86)\opera\opera.exe | 
"{C16EA6A6-122F-41B0-A2B6-5550F611F3DC}" = protocol=17 | dir=in | app=f:\program files (x86)\torchlight 2\tl2.runic.launcher.exe | 
"{C6263608-36B0-4EBB-9D96-29B34CDDA783}" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.patch.exe | 
"{C668FC9F-CF3F-4653-9EC7-E6B06B6B325F}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\onenote.exe | 
"{CDE10070-1604-406E-B2D5-982FA3048EAB}" = protocol=6 | dir=in | app=f:\program files (x86)\icq7m\icq.exe | 
"{FF3A3504-F2B4-4B04-AD64-CEDF8B7379BB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"TCP Query User{10F78BAE-2F8A-4277-B507-9C02F193D3BB}F:\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=f:\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{1ABDC935-C90C-4853-B7FA-F27BA74E5998}F:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{3A03B9F0-0565-43C6-86DF-533F8B641A7F}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{3BCB26DC-189B-4A0D-94EB-7B078756629C}F:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.exe | 
"TCP Query User{6A2112EE-6186-47EC-9E2F-E2122A91621F}C:\users\musterman\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\musterman\desktop\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{800D58C0-9B84-4200-9C4A-E1BADD47A703}C:\users\musterman\desktop\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\musterman\desktop\starcraft_2_eu_de-de.exe | 
"TCP Query User{83024E44-8B9F-4BE1-8CAC-235481C79544}C:\users\musterman\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\musterman\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{F1243914-F483-4A7B-A1D0-609C1EC2216A}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{1CB4F6AF-E648-42DA-AEA5-C84DBA940249}F:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.exe | 
"UDP Query User{328D86E7-5345-4470-AAF5-E4C72A7BE66A}C:\users\musterman\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\musterman\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{535D9885-171C-4E09-89B7-236B12DB1295}F:\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=f:\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{731FBD6A-5C6A-4996-890C-FBD1BD959737}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{9515278A-E0EC-4853-9825-92F6F81C16B0}C:\users\musterman\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\musterman\desktop\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{A42DBF0E-FEC4-4FFF-B9C8-51BE54D37E6D}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{E675AE37-02E9-482C-9281-BB75C0E1E0CA}C:\users\musterman\desktop\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\musterman\desktop\starcraft_2_eu_de-de.exe | 
"UDP Query User{FC3F79E6-C7E6-4A01-951B-878A2EA22011}F:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}" = Torchlight 2
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B430D9F-FFDF-4400-AF49-34DC412EFD0C}" = Path of Exile
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Diablo III" = Diablo III
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IrfanView" = IrfanView (remove only)
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Opera 12.14.1738" = Opera 12.14
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.03.2013 03:18:26 | Computer Name = Waltraud | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.03.2013 03:49:35 | Computer Name = Waltraud | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 06.03.2013 06:38:01 | Computer Name = Waltraud | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.03.2013 17:52:29 | Computer Name = Waltraud | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 07.03.2013 05:39:47 | Computer Name = Waltraud | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.03.2013 09:54:57 | Computer Name = Waltraud | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.03.2013 13:16:38 | Computer Name = Waltraud | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.03.2013 07:11:31 | Computer Name = Waltraud | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.03.2013 08:00:06 | Computer Name = Waltraud | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 08.03.2013 09:43:17 | Computer Name = Waltraud | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 19.10.2012 06:09:10 | Computer Name = Waltraud | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.139.124.0)
 
Error - 25.10.2012 07:56:30 | Computer Name = Waltraud | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?10.?2012 um 11:53:53 unerwartet heruntergefahren.
 
Error - 27.10.2012 10:15:44 | Computer Name = Waltraud | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?10.?2012 um 13:40:47 unerwartet heruntergefahren.
 
Error - 08.11.2012 06:55:58 | Computer Name = Waltraud | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?11.?2012 um 04:49:08 unerwartet heruntergefahren.
 
Error - 18.11.2012 04:22:57 | Computer Name = Waltraud | Source = DCOM | ID = 10010
Description = 
 
Error - 20.11.2012 05:28:02 | Computer Name = Waltraud | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
 
Error - 20.11.2012 05:28:03 | Computer Name = Waltraud | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%-2147416365
 
Error - 24.11.2012 09:54:57 | Computer Name = Waltraud | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?11.?2012 um 14:12:04 unerwartet heruntergefahren.
 
Error - 25.11.2012 18:52:07 | Computer Name = Waltraud | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 25.11.2012 18:52:27 | Computer Name = Waltraud | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
 
< End of report >
         
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-09 14:21:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.05.0 931,51GB
Running: 0l1lj23z.exe; Driver: C:\Users\musterman\AppData\Local\Temp\kwlyqpow.sys


---- User code sections - GMER 2.1 ----

.text  F:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077ae0018 5 bytes JMP 000000016ac91765

---- EOF - GMER 2.1 ----
         

Edited by Kawummm (09.03.2013 at 14:54). Reason: my name was still in the file path

 
