
Log analysis and evaluation: cmd.exe takes up 30-40% of CPU usage


03.04.2014, 17:24   #1
ZamiZez
 
cmd.exe takes up 30-40% of CPU usage



Good day,

Today after gaming I noticed that my CPU is always at 30-40% load after I quit the games. So of course I went looking for the fault and found it fairly quickly. In my Windows Task Manager the process cmd.exe runs the whole time and causes this "fault".
I then simply ended this process to see whether that really is the cause, and sure enough, everything was back to normal. Unfortunately, however, this process starts again after every system start.
Now I am of course looking for a way to get rid of the "virus" (or whatever it is).
In doing so I also came across your forum and found the matching thread. I repeated it step by step on my system, but unfortunately without success.

Nevertheless, I hope that someone here can perhaps help me.

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by ZamiZez at 2014-04-03 16:15:50
Running from C:\Users\ZamiZez\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EveHQ (HKLM-x32\...\EveHQ) (Version:  - )
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.8.8.4290 - battleclinic.com)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jet Screenshot v 3.1 (HKLM-x32\...\Jet Screenshot_is1) (Version: 3.1 - ArcticLine Software)
Logitech Gaming Software (Version: 8.40.83 - Logitech Inc.) Hidden
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mumble 1.2.5 (HKLM-x32\...\{871F39A1-1671-4161-A012-1D4820346A69}) (Version: 1.2.5 - Thorvald Natvig)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Walking Dead Season 2 EP 2 (HKLM-x32\...\The Walking Dead Season 2 EP 2_is1) (Version:  - )
Thief (HKLM-x32\...\VGhpZWY=_is1) (Version: 1 - )
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-02-26 16:32 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {10269760-E50E-4A3F-A224-7C0F4B40A1A7} - \MySearchDial No Task File
Task: {20C84C50-90E4-49A9-B0CD-817BDACC6642} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29] (Google Inc.)
Task: {4A02C9A3-8703-41C7-9660-F6B2F89174FA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {4AA4221D-BFA7-4C6A-AB13-BADF2646493D} - System32\Tasks\FRAPS => D:\Programme\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {69D9B732-F8EA-4125-BF49-A0CC8DBD5B39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {8AAB2E85-4E35-4C72-A9A9-C354CFEA1F8C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {EC61B2DB-8E83-4020-B646-D5A2C57FD63F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29] (Google Inc.)
Task: {F669D923-E8C4-4C1D-A12A-81B5FE8BE15F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-31 03:27 - 2014-01-31 03:27 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-29 14:26 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-29 14:15 - 2014-01-29 14:15 - 02169856 ___SH () C:\Windows\System32\hale.exe
2014-01-29 14:32 - 2013-12-18 10:32 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-26 16:30 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-26 16:30 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-26 16:30 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-26 16:30 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-26 16:30 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-15 22:20 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 22:20 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 22:20 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 22:20 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 22:20 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 22:20 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^ZamiZez^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 8139.39 MB
Available physical RAM: 6154.95 MB
Total Pagefile: 16276.97 MB
Available Pagefile: 13858.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:111.79 GB) (Free:16.83 GB) NTFS
Drive d: (Daten) (Fixed) (Total:465.66 GB) (Free:232.24 GB) NTFS
Drive e: (SAMSUNG SSD) (CDROM) (Total:0.04 GB) (Free:0 GB) UDF
Drive g: (TWD.S02E02) (CDROM) (Total:1.75 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 06A456FF)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 407A441F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
defogger_disable.txt
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:51 on 03/04/2014 (ZamiZez)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by ZamiZez (administrator) on ZAMIZEZ-PC on 03-04-2014 16:53:42
Running from C:\Users\ZamiZez\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Beepa P/L) D:\Programme\Fraps\fraps.exe
() C:\Windows\System32\hale.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Beepa P/L) D:\Programme\Fraps\fraps64.dat
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ArcticLine Software) C:\Program Files (x86)\Jet Screenshot\jetScreenshot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1626239892-2655385971-3427510501-1000\...\Run: [Jet Screenshot] - C:\Program Files (x86)\Jet Screenshot\jetScreenshot.exe [1954056 2013-01-11] (ArcticLine Software)
HKU\S-1-5-21-1626239892-2655385971-3427510501-1000\...\MountPoints2: {3a14454a-88d7-11e3-bff4-806e6f6e6963} - "E:\Install Navigator.exe"
HKU\S-1-5-21-1626239892-2655385971-3427510501-1000\...\MountPoints2: {92428670-8b29-11e3-bc0b-60a44c591d1d} - G:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBD950EBAE91CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {E32F6931-A6B3-434F-A40A-E2F5A8A7AEB6} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {E32F6931-A6B3-434F-A40A-E2F5A8A7AEB6} URL = hxxp://www.sm.de/?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR HomePage: https://www.google.de/
CHR Extension: (ProxTube) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-02-01]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-02-01]
CHR Extension: (BetterTTV) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-02-01]
CHR Extension: (Angry Birds) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-02-01]
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejcnhmeicafddjdaeecddemnhnomiaai [2014-02-23]
CHR Extension: (Untamed Now Playing) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmdghkkehlmfllejpgikgpjgfalppei [2014-02-01]
CHR Extension: (SciLor's Grooveshark(tm) Unlocker) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob [2014-02-01]
CHR Extension: (Grooveshark Non-Stop) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\flgdeakeeekllcpldfampgbamohdagdp [2014-02-01]
CHR Extension: (AdBlock) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-01]
CHR Extension: (Grooveshark) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnlkcnlmlenciieopglodnbpedpejeel [2014-02-01]
CHR Extension: (EVE Amarr Theme III) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiocneofjocflbfikiegbifbmbnpflao [2014-02-01]
CHR Extension: (SparkChess 7) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2014-02-01]
CHR Extension: (Twitch Now) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2014-02-01]
CHR Extension: (Google Wallet) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-29]
CHR Extension: (Extended Protection) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-02-26]
CHR Extension: (Click&Clean App) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-02-01]
CHR Extension: (Twitch Giveaways) - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd [2014-02-01]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-29]
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\ZamiZez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-02-26]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-31] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 TunngleService; D:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-02-03] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-03] (Disc Soft Ltd)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-03] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-03] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 16:53 - 2014-04-03 16:53 - 00000652 _____ () C:\Users\ZamiZez\Downloads\defogger_disable.log
2014-04-03 16:50 - 2014-04-03 16:50 - 00050477 _____ () C:\Users\ZamiZez\Downloads\Defogger.exe
2014-04-03 16:50 - 2014-04-03 16:50 - 00000168 _____ () C:\Users\ZamiZez\defogger_reenable
2014-04-03 16:47 - 2014-04-03 16:52 - 00000000 ____D () C:\Users\ZamiZez\Desktop\cmd shit
2014-04-03 16:20 - 2014-04-03 16:20 - 02347384 _____ (ESET) C:\Users\ZamiZez\Downloads\esetsmartinstaller_enu.exe
2014-04-03 16:20 - 2014-04-03 16:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-03 16:18 - 2014-04-03 16:18 - 00000010 _____ () C:\Users\ZamiZez\Desktop\asd.txt
2014-04-03 16:15 - 2014-04-03 16:53 - 00012707 _____ () C:\Users\ZamiZez\Desktop\FRST.txt
2014-04-03 16:15 - 2014-04-03 16:16 - 00014835 _____ () C:\Users\ZamiZez\Desktop\Addition.txt
2014-04-03 16:14 - 2014-04-03 16:53 - 00000000 ____D () C:\FRST
2014-04-03 16:13 - 2014-04-03 16:13 - 02157056 _____ (Farbar) C:\Users\ZamiZez\Desktop\FRST64.exe
2014-04-03 16:11 - 2014-04-03 16:11 - 01145856 _____ (Farbar) C:\Users\ZamiZez\Downloads\FRST.exe
2014-04-03 16:07 - 2014-04-03 16:07 - 00000793 _____ () C:\Users\ZamiZez\Desktop\JRT.txt
2014-04-03 16:04 - 2014-04-03 16:04 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 15:49 - 2014-04-03 15:49 - 01038974 _____ (Thisisu) C:\Users\ZamiZez\Downloads\JRT.exe
2014-04-03 15:48 - 2014-04-03 15:48 - 01426178 _____ () C:\Users\ZamiZez\Downloads\adwcleaner.exe
2014-04-03 15:28 - 2014-04-03 15:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 15:28 - 2014-04-03 15:28 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-03 15:28 - 2014-04-03 15:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 15:28 - 2014-04-03 15:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-03 15:28 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 15:28 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 15:28 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 15:27 - 2014-04-03 15:27 - 00613200 _____ (Chip Digital GmbH) C:\Users\ZamiZez\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-03 15:06 - 2014-04-03 15:06 - 00007638 _____ () C:\Users\ZamiZez\AppData\Local\Resmon.ResmonCfg
2014-03-31 06:02 - 2014-03-31 06:02 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
2014-03-30 07:56 - 2014-04-03 15:52 - 00010688 _____ () C:\Windows\PFRO.log
2014-03-29 15:57 - 2014-03-29 15:57 - 00000000 ____D () C:\Windows\Sun
2014-03-29 15:46 - 2014-04-01 00:46 - 00000090 _____ () C:\Users\ZamiZez\AppData\Roaming\WB.CFG
2014-03-29 15:45 - 2014-03-29 15:45 - 00001540 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-03-29 15:45 - 2014-03-29 15:45 - 00001247 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-03-29 15:45 - 2014-03-29 15:45 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\DVDVideoSoft
2014-03-29 15:45 - 2014-03-29 15:45 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-03-29 15:44 - 2014-03-29 15:44 - 00634288 _____ () C:\Users\ZamiZez\Downloads\FreeYouTubeToMP3Converter.exe
2014-03-29 15:36 - 2014-03-29 15:40 - 00000000 ____D () C:\Users\ZamiZez\Downloads\Cicle Of Alchemists
2014-03-28 20:38 - 2014-03-28 20:39 - 25360716 _____ () C:\Users\ZamiZez\Downloads\clrbrowser3_repack (3).zip
2014-03-28 20:38 - 2014-03-28 20:38 - 00065751 _____ () C:\Users\ZamiZez\Downloads\template.psd
2014-03-28 07:00 - 2014-03-28 07:00 - 25360716 _____ () C:\Users\ZamiZez\Downloads\clrbrowser3_repack (2).zip
2014-03-28 06:53 - 2014-03-28 06:53 - 00034319 _____ () C:\Users\ZamiZez\Downloads\YES_OH_MY_GOSH.ogg
2014-03-28 04:59 - 2014-03-28 04:59 - 25360716 _____ () C:\Users\ZamiZez\Downloads\clrbrowser3_repack (1).zip
2014-03-28 04:57 - 2014-03-28 04:58 - 22808886 _____ () C:\Users\ZamiZez\Downloads\CLRBrowserSourcePlugin3.7z
2014-03-28 04:55 - 2014-03-28 04:55 - 25360716 _____ () C:\Users\ZamiZez\Downloads\clrbrowser3_repack.zip
2014-03-28 04:51 - 2014-03-28 04:51 - 21089156 _____ () C:\Users\ZamiZez\Downloads\CLRBrowserSourcePlugin64Mark2.7z
2014-03-28 04:47 - 2014-03-28 04:47 - 07888419 _____ () C:\Users\ZamiZez\Downloads\OBS_0_613b_Installer.exe
2014-03-28 04:47 - 2014-03-28 04:47 - 00000943 _____ () C:\Users\ZamiZez\Desktop\Open Broadcaster Software.lnk
2014-03-28 04:47 - 2014-03-28 04:47 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-03-28 04:22 - 2014-03-28 04:22 - 00009068 _____ () C:\Users\ZamiZez\Downloads\ZamiZez-fans.csv
2014-03-28 04:18 - 2014-03-28 04:18 - 00002661 _____ () C:\Users\ZamiZez\Downloads\ZamiZez-following.csv
2014-03-28 02:49 - 2014-03-28 02:49 - 02180983 _____ () C:\Users\ZamiZez\Downloads\TwitchAlerts V0.56.7.zip
2014-03-28 01:45 - 2014-03-28 01:45 - 00012737 _____ () C:\Users\ZamiZez\Downloads\TypeToISKV3.zip
2014-03-27 20:37 - 2014-03-27 20:37 - 00154205 _____ () C:\Users\ZamiZez\Downloads\the_abandoned_treasure.zip
2014-03-26 15:25 - 2014-03-26 15:25 - 456120488 _____ () C:\Windows\MEMORY.DMP
2014-03-26 15:25 - 2014-03-26 15:25 - 00747680 _____ () C:\Windows\Minidump\032614-5397-01.dmp
2014-03-26 15:25 - 2014-03-26 15:25 - 00000000 ____D () C:\Windows\Minidump
2014-03-22 22:17 - 2014-03-22 22:17 - 00000000 ____D () C:\Users\ZamiZez\Documents\My Games
2014-03-22 05:26 - 2014-03-22 05:26 - 00000208 _____ () C:\Users\ZamiZez\Desktop\War Thunder.url
2014-03-22 05:23 - 2014-03-22 05:23 - 00000000 ____D () C:\Users\ZamiZez\AppData\Local\WarThunder
2014-03-22 05:23 - 2014-03-22 05:23 - 00000000 ____D () C:\ProgramData\WarThunder
2014-03-22 05:22 - 2014-03-22 05:22 - 04084464 _____ (Gaijin Entertainment ) C:\Users\ZamiZez\Downloads\wt_launcher_1.0.1.335.exe
2014-03-17 16:23 - 2014-03-17 16:26 - 02435072 _____ () C:\Users\ZamiZez\Downloads\WinMTR.exe
2014-03-15 22:01 - 2014-03-15 22:01 - 00002385 _____ () C:\Users\ZamiZez\Documents\MumbleAutomaticCertificateBackup.p12
2014-03-15 22:00 - 2014-03-16 02:13 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\Mumble
2014-03-15 21:59 - 2014-03-15 21:59 - 15686656 _____ () C:\Users\ZamiZez\Downloads\mumble-1.2.5.msi
2014-03-14 01:00 - 2014-03-14 01:00 - 00006667 _____ () C:\Users\ZamiZez\Downloads\Hybrid Hacs.txt
2014-03-12 22:12 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 22:12 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 22:12 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 22:12 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 22:12 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 22:12 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 22:12 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 22:12 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 22:12 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 22:12 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 22:12 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 22:12 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 22:12 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 22:12 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 22:12 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 22:12 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 22:12 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 22:12 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 22:12 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 22:12 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 22:12 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 22:12 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 22:12 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 22:12 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 22:12 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 22:12 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 22:12 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 22:12 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 22:12 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 22:12 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 22:12 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 22:12 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 22:12 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 22:12 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 22:12 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 22:12 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 22:12 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 22:12 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 22:12 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 22:12 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 22:11 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 22:11 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 22:11 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 22:11 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 22:11 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 22:11 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 22:11 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 22:11 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 17:53 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-11 17:51 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-11 17:51 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-11 17:51 - 2014-03-04 16:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-11 17:50 - 2014-03-11 17:50 - 00000000 ____D () C:\NVIDIA
2014-03-07 03:14 - 2014-03-07 03:14 - 00000000 ____D () C:\Users\ZamiZez\Documents\Telltale Games
2014-03-07 03:14 - 2014-03-07 03:14 - 00000000 ____D () C:\ProgramData\CODEX
2014-03-07 02:48 - 2014-03-07 02:48 - 00000774 _____ () C:\Users\ZamiZez\Desktop\The Walking Dead Season 2 EP 2.lnk
2014-03-07 02:31 - 2014-03-07 02:31 - 00003800 _____ () C:\Users\ZamiZez\Downloads\73cf6a84a600f905cf0e0f0caf7424f2.dlc
2014-03-07 01:57 - 2014-03-07 01:57 - 02180689 _____ () C:\Users\ZamiZez\Downloads\TwitchAlerts V0.56.3.zip
2014-03-04 11:49 - 2014-03-04 11:49 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

2014-04-03 16:53 - 2014-04-03 16:53 - 00000652 _____ () C:\Users\ZamiZez\Downloads\defogger_disable.log
2014-04-03 16:53 - 2014-04-03 16:15 - 00012707 _____ () C:\Users\ZamiZez\Desktop\FRST.txt
2014-04-03 16:53 - 2014-04-03 16:14 - 00000000 ____D () C:\FRST
2014-04-03 16:53 - 2014-01-29 14:05 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\NetSpeedMonitor
2014-04-03 16:52 - 2014-04-03 16:47 - 00000000 ____D () C:\Users\ZamiZez\Desktop\cmd shit
2014-04-03 16:50 - 2014-04-03 16:50 - 00050477 _____ () C:\Users\ZamiZez\Downloads\Defogger.exe
2014-04-03 16:50 - 2014-04-03 16:50 - 00000168 _____ () C:\Users\ZamiZez\defogger_reenable
2014-04-03 16:50 - 2014-01-29 13:21 - 00000000 ____D () C:\Users\ZamiZez
2014-04-03 16:23 - 2014-01-29 14:01 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 16:20 - 2014-04-03 16:20 - 02347384 _____ (ESET) C:\Users\ZamiZez\Downloads\esetsmartinstaller_enu.exe
2014-04-03 16:20 - 2014-04-03 16:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-03 16:18 - 2014-04-03 16:18 - 00000010 _____ () C:\Users\ZamiZez\Desktop\asd.txt
2014-04-03 16:16 - 2014-04-03 16:15 - 00014835 _____ () C:\Users\ZamiZez\Desktop\Addition.txt
2014-04-03 16:13 - 2014-04-03 16:13 - 02157056 _____ (Farbar) C:\Users\ZamiZez\Desktop\FRST64.exe
2014-04-03 16:11 - 2014-04-03 16:11 - 01145856 _____ (Farbar) C:\Users\ZamiZez\Downloads\FRST.exe
2014-04-03 16:11 - 2010-11-21 08:22 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 16:11 - 2010-11-21 08:22 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 16:11 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 16:08 - 2014-01-29 13:23 - 01372375 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 16:07 - 2014-04-03 16:07 - 00000793 _____ () C:\Users\ZamiZez\Desktop\JRT.txt
2014-04-03 16:05 - 2014-02-28 08:08 - 00007523 _____ () C:\Windows\setupact.log
2014-04-03 16:05 - 2014-02-01 14:43 - 00003166 _____ () C:\Windows\System32\Tasks\FRAPS
2014-04-03 16:05 - 2014-01-29 14:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-03 16:05 - 2014-01-29 14:01 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 16:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 16:04 - 2014-04-03 16:04 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 16:02 - 2014-02-26 16:25 - 00000000 ____D () C:\AdwCleaner
2014-04-03 16:02 - 2009-07-14 06:45 - 00017040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 16:02 - 2009-07-14 06:45 - 00017040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 15:53 - 2014-04-03 15:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 15:52 - 2014-03-30 07:56 - 00010688 _____ () C:\Windows\PFRO.log
2014-04-03 15:49 - 2014-04-03 15:49 - 01038974 _____ (Thisisu) C:\Users\ZamiZez\Downloads\JRT.exe
2014-04-03 15:48 - 2014-04-03 15:48 - 01426178 _____ () C:\Users\ZamiZez\Downloads\adwcleaner.exe
2014-04-03 15:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2014-04-03 15:44 - 2014-01-29 14:49 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\TS3Client
2014-04-03 15:28 - 2014-04-03 15:28 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-03 15:28 - 2014-04-03 15:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 15:28 - 2014-04-03 15:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-03 15:27 - 2014-04-03 15:27 - 00613200 _____ (Chip Digital GmbH) C:\Users\ZamiZez\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-03 15:06 - 2014-04-03 15:06 - 00007638 _____ () C:\Users\ZamiZez\AppData\Local\Resmon.ResmonCfg
2014-04-03 13:39 - 2014-02-01 13:26 - 00000000 ____D () C:\Users\ZamiZez\AppData\Local\DayZ
2014-04-03 08:15 - 2014-01-30 23:55 - 00000000 ____D () C:\ProgramData\Origin
2014-04-01 00:46 - 2014-03-29 15:46 - 00000090 _____ () C:\Users\ZamiZez\AppData\Roaming\WB.CFG
2014-03-31 16:51 - 2014-02-03 19:22 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\EVEMon
2014-03-31 06:02 - 2014-03-31 06:02 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
2014-03-30 00:56 - 2014-02-03 19:03 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\Skype
2014-03-29 18:20 - 2014-01-29 15:18 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-03-29 18:13 - 2014-01-29 14:47 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\vlc
2014-03-29 15:57 - 2014-03-29 15:57 - 00000000 ____D () C:\Windows\Sun
2014-03-29 15:45 - 2014-03-29 15:45 - 00001540 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-03-29 15:45 - 2014-03-29 15:45 - 00001247 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-03-29 15:45 - 2014-03-29 15:45 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\DVDVideoSoft
2014-03-29 15:45 - 2014-03-29 15:45 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-03-29 15:44 - 2014-03-29 15:44 - 00634288 _____ () C:\Users\ZamiZez\Downloads\FreeYouTubeToMP3Converter.exe
2014-03-29 15:40 - 2014-03-29 15:36 - 00000000 ____D () C:\Users\ZamiZez\Downloads\Cicle Of Alchemists
2014-03-29 15:24 - 2014-02-24 01:09 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-28 20:39 - 2014-03-28 20:38 - 25360716 _____ () C:\Users\ZamiZez\Downloads\clrbrowser3_repack (3).zip
2014-03-28 20:38 - 2014-03-28 20:38 - 00065751 _____ () C:\Users\ZamiZez\Downloads\template.psd
2014-03-28 20:20 - 2009-07-14 06:45 - 00271720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-28 07:00 - 2014-03-28 07:00 - 25360716 _____ () C:\Users\ZamiZez\Downloads\clrbrowser3_repack (2).zip
2014-03-28 06:53 - 2014-03-28 06:53 - 00034319 _____ () C:\Users\ZamiZez\Downloads\YES_OH_MY_GOSH.ogg
2014-03-28 04:59 - 2014-03-28 04:59 - 25360716 _____ () C:\Users\ZamiZez\Downloads\clrbrowser3_repack (1).zip
2014-03-28 04:59 - 2014-01-29 15:12 - 00000000 ____D () C:\Users\ZamiZez\Desktop\Stream
2014-03-28 04:58 - 2014-03-28 04:57 - 22808886 _____ () C:\Users\ZamiZez\Downloads\CLRBrowserSourcePlugin3.7z
2014-03-28 04:55 - 2014-03-28 04:55 - 25360716 _____ () C:\Users\ZamiZez\Downloads\clrbrowser3_repack.zip
2014-03-28 04:51 - 2014-03-28 04:51 - 21089156 _____ () C:\Users\ZamiZez\Downloads\CLRBrowserSourcePlugin64Mark2.7z
2014-03-28 04:47 - 2014-03-28 04:47 - 07888419 _____ () C:\Users\ZamiZez\Downloads\OBS_0_613b_Installer.exe
2014-03-28 04:47 - 2014-03-28 04:47 - 00000943 _____ () C:\Users\ZamiZez\Desktop\Open Broadcaster Software.lnk
2014-03-28 04:47 - 2014-03-28 04:47 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-03-28 04:47 - 2014-01-29 15:18 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\OBS
2014-03-28 04:22 - 2014-03-28 04:22 - 00009068 _____ () C:\Users\ZamiZez\Downloads\ZamiZez-fans.csv
2014-03-28 04:18 - 2014-03-28 04:18 - 00002661 _____ () C:\Users\ZamiZez\Downloads\ZamiZez-following.csv
2014-03-28 03:18 - 2014-01-29 14:01 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 03:18 - 2014-01-29 14:01 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 02:49 - 2014-03-28 02:49 - 02180983 _____ () C:\Users\ZamiZez\Downloads\TwitchAlerts V0.56.7.zip
2014-03-28 01:45 - 2014-03-28 01:45 - 00012737 _____ () C:\Users\ZamiZez\Downloads\TypeToISKV3.zip
2014-03-27 20:41 - 2014-01-29 14:01 - 00058816 _____ () C:\Users\ZamiZez\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-27 20:37 - 2014-03-27 20:37 - 00154205 _____ () C:\Users\ZamiZez\Downloads\the_abandoned_treasure.zip
2014-03-26 15:25 - 2014-03-26 15:25 - 456120488 _____ () C:\Windows\MEMORY.DMP
2014-03-26 15:25 - 2014-03-26 15:25 - 00747680 _____ () C:\Windows\Minidump\032614-5397-01.dmp
2014-03-26 15:25 - 2014-03-26 15:25 - 00000000 ____D () C:\Windows\Minidump
2014-03-24 20:28 - 2014-02-03 18:47 - 00000000 ____D () C:\ProgramData\Tunngle
2014-03-22 22:19 - 2014-01-29 15:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-03-22 22:17 - 2014-03-22 22:17 - 00000000 ____D () C:\Users\ZamiZez\Documents\My Games
2014-03-22 05:26 - 2014-03-22 05:26 - 00000208 _____ () C:\Users\ZamiZez\Desktop\War Thunder.url
2014-03-22 05:23 - 2014-03-22 05:23 - 00000000 ____D () C:\Users\ZamiZez\AppData\Local\WarThunder
2014-03-22 05:23 - 2014-03-22 05:23 - 00000000 ____D () C:\ProgramData\WarThunder
2014-03-22 05:22 - 2014-03-22 05:22 - 04084464 _____ (Gaijin Entertainment ) C:\Users\ZamiZez\Downloads\wt_launcher_1.0.1.335.exe
2014-03-18 01:44 - 2014-02-03 18:47 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\Tunngle
2014-03-17 16:26 - 2014-03-17 16:23 - 02435072 _____ () C:\Users\ZamiZez\Downloads\WinMTR.exe
2014-03-16 02:13 - 2014-03-15 22:00 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\Mumble
2014-03-15 22:01 - 2014-03-15 22:01 - 00002385 _____ () C:\Users\ZamiZez\Documents\MumbleAutomaticCertificateBackup.p12
2014-03-15 21:59 - 2014-03-15 21:59 - 15686656 _____ () C:\Users\ZamiZez\Downloads\mumble-1.2.5.msi
2014-03-14 14:50 - 2014-01-29 14:49 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-14 01:00 - 2014-03-14 01:00 - 00006667 _____ () C:\Users\ZamiZez\Downloads\Hybrid Hacs.txt
2014-03-12 22:13 - 2014-01-29 13:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 22:12 - 2011-07-28 21:13 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-12 17:28 - 2014-01-29 14:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 17:28 - 2014-01-29 14:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 17:53 - 2014-01-29 14:26 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-11 17:50 - 2014-03-11 17:50 - 00000000 ____D () C:\NVIDIA
2014-03-07 03:14 - 2014-03-07 03:14 - 00000000 ____D () C:\Users\ZamiZez\Documents\Telltale Games
2014-03-07 03:14 - 2014-03-07 03:14 - 00000000 ____D () C:\ProgramData\CODEX
2014-03-07 02:48 - 2014-03-07 02:48 - 00000774 _____ () C:\Users\ZamiZez\Desktop\The Walking Dead Season 2 EP 2.lnk
2014-03-07 02:46 - 2014-02-03 18:41 - 00000000 ____D () C:\Users\ZamiZez\AppData\Roaming\DAEMON Tools Lite
2014-03-07 02:31 - 2014-03-07 02:31 - 00003800 _____ () C:\Users\ZamiZez\Downloads\73cf6a84a600f905cf0e0f0caf7424f2.dlc
2014-03-07 01:57 - 2014-03-07 01:57 - 02180689 _____ () C:\Users\ZamiZez\Downloads\TwitchAlerts V0.56.3.zip
2014-03-05 09:26 - 2014-04-03 15:28 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-03 15:28 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-03 15:28 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 16:35 - 2014-03-11 17:51 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-04 16:35 - 2014-03-11 17:51 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-04 16:35 - 2014-03-11 17:51 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-04 16:35 - 2014-01-29 14:26 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-03-04 16:35 - 2014-01-29 14:26 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-03-04 16:35 - 2014-01-29 14:22 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-04 16:35 - 2014-01-29 14:22 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-04 16:35 - 2014-01-29 14:22 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-04 16:35 - 2014-01-29 14:22 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-04 16:35 - 2014-01-29 14:22 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-04 16:35 - 2014-01-29 14:22 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-04 15:06 - 2014-01-29 14:26 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-04 15:06 - 2014-01-29 14:26 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-04 15:05 - 2014-01-29 14:26 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-04 15:05 - 2014-01-29 14:26 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-03-04 15:05 - 2014-01-29 14:26 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-04 15:05 - 2014-01-29 14:26 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-04 15:05 - 2014-01-29 14:26 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-04 13:32 - 2014-03-11 17:53 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-04 11:49 - 2014-03-04 11:49 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

Some content of TEMP:
====================
C:\Users\ZamiZez\AppData\Local\Temp\avgnt.exe
C:\Users\ZamiZez\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ZamiZez\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ZamiZez\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\ZamiZez\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\ZamiZez\AppData\Local\Temp\nvStInst.exe
C:\Users\ZamiZez\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-14 08:27

==================== End Of Log ============================
         
--- --- ---


mbam-log.txt
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.04.2014
Suchlauf-Zeit: 17:02:29
Logdatei: mbam-log.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.04.03.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ZamiZez

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 240895
Verstrichene Zeit: 5 Min, 26 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
While the GMER program was running I got a bluescreen. I think it was because I had forgotten to unplug the network cable. In any case, since the unintended restart the "cmd.exe" process is no longer running, even after another restart. I nevertheless ran the application once more.

gmer.txt
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-03 17:11:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_120GB rev.EXT0AB0Q 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\ZamiZez\AppData\Local\Temp\pxriifod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                        0000000073901a22 2 bytes [90, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                        0000000073901ad0 2 bytes [90, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                        0000000073901b08 2 bytes [90, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                        0000000073901bba 2 bytes [90, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                        0000000073901bda 2 bytes [90, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 00000000755b1465 2 bytes [5B, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000755b14bb 2 bytes [5B, 75]
.text  ...                                                                                                                            * 2
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   00000000755b1465 2 bytes [5B, 75]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000755b14bb 2 bytes [5B, 75]
.text  ...                                                                                                                            * 2
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 00000000755b1465 2 bytes [5B, 75]
.text  C:\Program Files (x86)\Skype\Updater\Updater.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000755b14bb 2 bytes [5B, 75]
.text  ...                                                                                                                            * 2
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000755b1465 2 bytes [5B, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755b14bb 2 bytes [5B, 75]
.text  ...                                                                                                                            * 2

---- EOF - GMER 2.1 ----
         

Last edited by ZamiZez (03.04.2014 at 17:30)

03.04.2014, 17:29   #2
schrauber
/// the machine
/// TB trainer

hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Sometimes Combofix still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


03.04.2014, 17:39   #3
ZamiZez

As already written above, "cmd.exe" was no longer active during the last two scans (ComboFix & GMER).

ComboFix.txt
Code:
ComboFix 14-04-03.01 - ZamiZez 03.04.2014  17:33:06.1.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.8139.5776 [GMT 2:00]
ausgeführt von:: c:\users\ZamiZez\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ZamiZez\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-03 bis 2014-04-03  ))))))))))))))))))))))))))))))
.
.
2014-04-03 15:35 . 2014-04-03 15:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-03 14:14 . 2014-04-03 14:53	--------	d-----w-	C:\FRST
2014-04-03 14:04 . 2014-04-03 14:04	--------	d-----w-	c:\windows\ERUNT
2014-04-03 13:28 . 2014-04-03 14:57	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 13:28 . 2014-04-03 13:28	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-04-03 13:28 . 2014-04-03 13:28	--------	d-----w-	c:\programdata\Malwarebytes
2014-04-03 13:28 . 2014-03-05 07:26	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-04-03 13:28 . 2014-03-05 07:26	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 13:28 . 2014-03-05 07:26	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-03-29 13:57 . 2014-03-29 13:57	--------	d-----w-	c:\windows\Sun
2014-03-29 13:45 . 2014-03-29 13:45	--------	d-----w-	c:\users\ZamiZez\AppData\Roaming\DVDVideoSoft
2014-03-29 13:45 . 2014-03-29 13:45	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2014-03-29 13:45 . 2014-03-29 13:45	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2014-03-28 02:54 . 2014-04-03 15:35	--------	d-----w-	c:\users\ZamiZez\AppData\Local\assembly
2014-03-22 03:23 . 2014-03-22 03:23	--------	d-----w-	c:\users\ZamiZez\AppData\Local\WarThunder
2014-03-22 03:23 . 2014-03-22 03:23	--------	d-----w-	c:\programdata\WarThunder
2014-03-15 20:00 . 2014-03-16 00:13	--------	d-----w-	c:\users\ZamiZez\AppData\Roaming\Mumble
2014-03-12 20:11 . 2014-01-29 02:32	484864	----a-w-	c:\windows\system32\wer.dll
2014-03-12 20:11 . 2014-01-29 02:06	381440	----a-w-	c:\windows\SysWow64\wer.dll
2014-03-12 20:11 . 2014-02-07 01:23	3156480	----a-w-	c:\windows\system32\win32k.sys
2014-03-12 20:11 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-12 20:11 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-12 20:11 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 20:11 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-03-12 20:11 . 2014-01-28 02:32	228864	----a-w-	c:\windows\system32\wwansvc.dll
2014-03-11 15:53 . 2014-03-04 11:32	599840	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-03-11 15:50 . 2014-03-11 15:50	--------	d-----w-	C:\NVIDIA
2014-03-07 01:14 . 2014-03-07 01:14	--------	d-----w-	c:\programdata\CODEX
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 20:12 . 2011-07-28 19:13	90015360	----a-w-	c:\windows\system32\MRT.exe
2014-03-12 15:28 . 2014-01-29 12:47	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 15:28 . 2014-01-29 12:47	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2014-01-29 12:26	62408	----a-w-	c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2014-01-29 12:26	54216	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-03-04 14:35 . 2014-01-29 12:22	947808	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2014-01-29 12:22	31474976	----a-w-	c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-01-29 12:22	3093280	----a-w-	c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2014-01-29 12:22	2715264	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2014-01-29 12:22	14709720	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-03-04 13:06 . 2014-01-29 12:26	6714312	----a-w-	c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2014-01-29 12:26	3497816	----a-w-	c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2014-01-29 12:26	922968	----a-w-	c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2014-01-29 12:26	64968	----a-w-	c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2014-01-29 12:26	2558808	----a-w-	c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2014-01-29 12:26	386336	----a-w-	c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2014-01-29 12:26	3649185	----a-w-	c:\windows\system32\nvcoproc.bin
2014-02-19 13:46 . 2014-01-31 01:27	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-02-19 13:46 . 2014-01-31 01:27	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2014-02-18 13:59 . 2014-02-18 13:59	84720	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-02-09 20:37 . 2014-01-29 12:25	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2014-02-08 18:34 . 2014-02-23 12:54	1885472	----a-w-	c:\windows\system32\nvdispco6433489.dll
2014-02-08 18:34 . 2014-02-23 12:54	1515296	----a-w-	c:\windows\system32\nvdispgenco6433489.dll
2014-02-03 16:45 . 2014-02-03 16:45	43680	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2014-02-03 16:45 . 2014-02-03 16:45	314016	----a-w-	c:\windows\system32\drivers\atksgt.sys
2014-02-03 16:41 . 2014-02-03 16:41	283064	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2014-01-31 01:27 . 2014-01-31 01:27	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2014-01-29 13:04 . 2014-01-29 13:04	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-01-29 13:04 . 2014-01-29 13:04	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-29 13:04 . 2014-01-29 13:04	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2014-01-29 13:04 . 2014-01-29 13:04	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2014-01-29 13:04 . 2014-01-29 13:04	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-01-29 13:04 . 2014-01-29 13:04	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2014-01-29 13:04 . 2014-01-29 13:04	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-29 13:04 . 2014-01-29 13:04	337408	----a-w-	c:\windows\SysWow64\html.iec
2014-01-29 13:04 . 2014-01-29 13:04	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2014-01-29 13:04 . 2014-01-29 13:04	235008	----a-w-	c:\windows\system32\elshyph.dll
2014-01-29 13:04 . 2014-01-29 13:04	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2014-01-29 13:04 . 2014-01-29 13:04	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2014-01-29 13:04 . 2014-01-29 13:04	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2014-01-29 13:04 . 2014-01-29 13:04	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2014-01-29 13:04 . 2014-01-29 13:04	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-01-29 13:04 . 2014-01-29 13:04	942592	----a-w-	c:\windows\system32\jsIntl.dll
2014-01-29 13:04 . 2014-01-29 13:04	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-01-29 13:04 . 2014-01-29 13:04	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-01-29 13:04 . 2014-01-29 13:04	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-01-29 13:04 . 2014-01-29 13:04	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-01-29 13:04 . 2014-01-29 13:04	81408	----a-w-	c:\windows\system32\icardie.dll
2014-01-29 13:04 . 2014-01-29 13:04	77312	----a-w-	c:\windows\system32\tdc.ocx
2014-01-29 13:04 . 2014-01-29 13:04	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-29 13:04 . 2014-01-29 13:04	62464	----a-w-	c:\windows\system32\pngfilt.dll
2014-01-29 13:04 . 2014-01-29 13:04	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2014-01-29 13:04 . 2014-01-29 13:04	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-01-29 13:04 . 2014-01-29 13:04	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2014-01-29 13:04 . 2014-01-29 13:04	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-01-29 13:04 . 2014-01-29 13:04	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-01-29 13:04 . 2014-01-29 13:04	413696	----a-w-	c:\windows\system32\html.iec
2014-01-29 13:04 . 2014-01-29 13:04	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-29 13:04 . 2014-01-29 13:04	30208	----a-w-	c:\windows\system32\licmgr10.dll
2014-01-29 13:04 . 2014-01-29 13:04	296960	----a-w-	c:\windows\system32\dxtrans.dll
2014-01-29 13:04 . 2014-01-29 13:04	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2014-01-29 13:04 . 2014-01-29 13:04	247808	----a-w-	c:\windows\system32\msls31.dll
2014-01-29 13:04 . 2014-01-29 13:04	243200	----a-w-	c:\windows\system32\webcheck.dll
2014-01-29 13:04 . 2014-01-29 13:04	235520	----a-w-	c:\windows\system32\url.dll
2014-01-29 13:04 . 2014-01-29 13:04	167424	----a-w-	c:\windows\system32\iexpress.exe
2014-01-29 13:04 . 2014-01-29 13:04	147968	----a-w-	c:\windows\system32\occache.dll
2014-01-29 13:04 . 2014-01-29 13:04	143872	----a-w-	c:\windows\system32\wextract.exe
2014-01-29 13:04 . 2014-01-29 13:04	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2014-01-29 13:04 . 2014-01-29 13:04	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-01-29 13:04 . 2014-01-29 13:04	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-01-29 13:04 . 2014-01-29 13:04	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2014-01-29 13:04 . 2014-01-29 13:04	105984	----a-w-	c:\windows\system32\iesysprep.dll
2014-01-29 13:04 . 2014-01-29 13:04	101376	----a-w-	c:\windows\system32\inseng.dll
2014-01-29 13:04 . 2014-01-29 13:04	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-01-29 13:04 . 2014-01-29 13:04	774144	----a-w-	c:\windows\system32\jscript.dll
2014-01-29 13:04 . 2014-01-29 13:04	48128	----a-w-	c:\windows\system32\imgutil.dll
2014-01-29 13:04 . 2014-01-29 13:04	13824	----a-w-	c:\windows\system32\mshta.exe
2014-01-29 13:04 . 2014-01-29 13:04	135680	----a-w-	c:\windows\system32\iepeers.dll
2014-01-29 12:15 . 2010-11-21 03:24	419840	----a-w-	c:\windows\system32\systemcpl.dll
2014-01-29 12:15 . 2009-07-13 23:52	65536	----a-w-	c:\windows\system32\sppuinotify.dll
2014-01-29 12:15 . 2009-07-13 23:51	381952	----a-w-	c:\windows\system32\sppcommdlg.dll
2014-01-29 12:15 . 2010-11-21 03:24	15360	----a-w-	c:\windows\system32\slwga.dll
2014-01-29 12:15 . 2010-11-21 03:24	1008128	----a-w-	c:\windows\system32\user32.dll
2014-01-29 12:15 . 2009-07-13 23:52	142336	----a-w-	c:\windows\system32\sppwmi.dll
2014-01-29 12:15 . 2014-01-29 12:15	2169856	--sha-w-	c:\windows\system32\hale.exe
2014-01-29 12:15 . 2010-11-21 03:24	389632	----a-w-	c:\windows\system32\winlogon.exe
2014-01-29 12:15 . 2010-11-21 03:24	349696	----a-w-	c:\windows\system32\slui.exe
2014-01-29 12:15 . 2009-07-13 23:57	2048	----a-w-	c:\windows\system32\winver.exe
2014-01-29 12:15 . 2009-06-10 20:59	107946	----a-w-	c:\windows\system32\slmgr.vbs
2014-01-29 11:27 . 2014-01-29 11:27	16896	----a-w-	c:\windows\AsTaskSched.dll
2014-01-21 02:53 . 2014-01-29 12:27	1048152	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-01-21 02:53 . 2014-01-29 12:27	1179576	----a-w-	c:\windows\system32\nvspcap64.dll
2014-01-09 02:22 . 2014-02-26 18:55	5694464	----a-w-	c:\windows\SysWow64\mstscax.dll
2014-01-03 22:44 . 2014-02-26 18:55	6574592	----a-w-	c:\windows\system32\mstscax.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2014-01-29 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2014-01-29 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jet Screenshot"="c:\program files (x86)\Jet Screenshot\jetScreenshot.exe" [2013-01-11 1954056]
"GoogleChromeAutoLaunch_6F7503BDC0A77B1971557490689F94A3"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-03-15 859976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;d:\program files (x86)\Tunngle\TnglCtrl.exe;d:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 20:18	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29 12:01]
.
2014-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29 12:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-11-04 7204568]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-03  17:36:08
ComboFix-quarantined-files.txt  2014-04-03 15:36
.
Vor Suchlauf: 11 Verzeichnis(se), 17.184.620.544 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 17.384.378.368 Bytes frei
.
- - End Of File - - 29603AE1E745D77E907557572D4D51EF
A36C5E4F47E84449FF07ED3517B43A31
         

04.04.2014, 12:28   #4
schrauber
/// the machine
/// TB trainer

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later) please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
