Log analysis and evaluation: 100% CPU load despite reinstalling the system several times
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.09.2011, 16:48 | #1 |
100% CPU load despite reinstalling the system several times

Hello everyone,

for a week now my laptop has been almost unusable, because sporadically, and with increasing frequency, it shows 100% CPU load and can practically no longer be used. Despite formatting all partitions several times and reinstalling Win7 64-bit, the problem is not resolved. Could you please take a look at the log files and see whether anything stands out to you? You are my last hope ^^

Here is the OTL.txt:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 18.09.2011 17:22:10 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\XXX\Downloads 64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,30% Memory free 7,97 Gb Paging File | 6,84 Gb Available in Paging File | 85,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,13 Gb Total Space | 34,27 Gb Free Space | 57,96% Space Free | Partition Type: NTFS Drive D: | 52,56 Gb Total Space | 52,47 Gb Free Space | 99,81% Space Free | Partition Type: NTFS Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.18 16:51:52 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Downloads\OTL.exe PRC - [2011.09.18 16:51:36 | 000,050,477 | ---- | M] () -- C:\Users\XXX\Downloads\Defogger.exe PRC - [2011.09.08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2011.09.03 08:18:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.09.01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.05.17 10:59:18 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe PRC - [2010.05.17 10:57:54 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe ========== Modules (No Company Name) ========== MOD - [2011.09.18 16:51:36 | 000,050,477 | ---- | M] () -- C:\Users\XXX\Downloads\Defogger.exe MOD - [2011.09.03 08:18:05 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.07.28 14:50:16 | 000,519,536 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV:64bit: - [2010.03.09 23:56:02 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe -- (AESTFilters) SRV - [2011.09.01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.05.17 10:59:18 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.08.08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011.07.11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2011.07.11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV:64bit: - [2011.07.11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV:64bit: - [2011.07.11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV:64bit: - [2011.07.11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2011.07.11 01:13:42 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.05 20:47:12 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2010.03.09 23:56:02 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 4B CC F2 73 74 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011.09.16 19:11:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.16 15:25:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.16 15:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\Mozilla\Extensions [2011.09.16 15:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.09.16 19:11:02 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4 [2011.09.03 08:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D0773C7-3680-4314-BF44-640AEC12BBE1}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help 
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: 
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - State: "startup" - Reg Error: Key error. 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.18 14:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.09.18 14:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011.09.18 14:48:13 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.09.18 14:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011.09.18 14:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011.09.18 14:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2011.09.18 14:44:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2011.09.18 14:44:48 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.09.18 14:42:40 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Microsoft Help [2011.09.18 14:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.09.18 14:11:35 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Brother [2011.09.18 14:06:22 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\ElevatedDiagnostics [2011.09.18 13:36:06 | 000,000,000 | ---D | C] -- C:\3A4CCD9F29B4D88BD662AF [2011.09.18 13:34:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2011.09.18 13:34:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011.09.18 13:31:03 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2011.09.18 13:30:41 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2011.09.17 21:20:17 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\XXX [2011.09.17 18:40:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2011.09.17 18:40:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2011.09.17 14:05:14 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Adobe [2011.09.17 
14:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.09.17 14:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011.09.17 14:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011.09.17 13:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2011.09.17 13:42:17 | 000,000,000 | ---D | C] -- C:\Windows\nview [2011.09.17 13:31:16 | 012,772,352 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl [2011.09.17 13:31:16 | 003,348,480 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll [2011.09.17 13:31:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs [2011.09.17 13:30:47 | 001,472,000 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll [2011.09.17 13:30:47 | 000,644,608 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll [2011.09.17 13:30:47 | 000,505,856 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys [2011.09.17 13:30:47 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll [2011.09.17 13:30:46 | 000,209,920 | ---- | C] (IDT, Inc.) 
-- C:\Windows\SysNative\st646274.dll [2011.09.17 13:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\IDT [2011.09.17 13:30:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2011.09.17 13:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad [2011.09.17 13:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell System Manager [2011.09.17 13:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Dell [2011.09.17 13:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell [2011.09.17 13:24:36 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Dell [2011.09.17 13:22:09 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2011.09.17 13:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2011.09.17 13:21:49 | 000,000,000 | ---D | C] -- C:\Intel [2011.09.17 13:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell [2011.09.17 13:11:33 | 000,000,000 | ---D | C] -- C:\dell [2011.09.17 13:04:52 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Skype [2011.09.17 13:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.09.17 13:04:46 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2011.09.17 13:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2011.09.17 03:16:27 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Macromedia [2011.09.17 03:16:27 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Adobe [2011.09.17 03:16:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2011.09.17 00:13:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011.09.16 23:19:44 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\AVG2012 [2011.09.16 19:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 [2011.09.16 19:10:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG 
[2011.09.16 19:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2011.09.16 19:10:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG [2011.09.16 19:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2011.09.16 18:30:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2011.09.16 15:44:13 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011.09.16 15:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011.09.16 15:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm [2011.09.16 15:30:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs [2011.09.16 15:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs [2011.09.16 15:29:28 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2011.09.16 15:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2011.09.16 15:25:59 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Mozilla [2011.09.16 15:25:59 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Mozilla [2011.09.16 15:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011.09.16 15:00:46 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.09.16 15:00:46 | 000,000,000 | R--D | C] -- C:\Users\XXX\Searches [2011.09.16 15:00:46 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.09.16 15:00:46 | 000,000,000 | -H-D | C] -- C:\Users\XXX\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2011.09.16 15:00:37 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Identities [2011.09.16 15:00:34 | 000,000,000 | R--D | C] -- C:\Users\XXX\Contacts [2011.09.16 15:00:32 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\VirtualStore [2011.09.16 15:00:22 | 000,000,000 | --SD | C] -- C:\Users\XXX\AppData\Roaming\Microsoft [2011.09.16 15:00:22 | 000,000,000 | R--D | C] 
-- C:\Users\XXX\Videos [2011.09.16 15:00:22 | 000,000,000 | R--D | C] -- C:\Users\XXX\Saved Games [2011.09.16 15:00:22 | 000,000,000 | R--D | C] -- C:\Users\XXX\Pictures [2011.09.16 15:00:22 | 000,000,000 | R--D | C] -- C:\Users\XXX\Music [2011.09.16 15:00:22 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.09.16 15:00:22 | 000,000,000 | R--D | C] -- C:\Users\XXX\Links [2011.09.16 15:00:22 | 000,000,000 | R--D | C] -- C:\Users\XXX\Favorites [2011.09.16 15:00:22 | 000,000,000 | R--D | C] -- C:\Users\XXX\Downloads [2011.09.16 15:00:22 | 000,000,000 | R--D | C] -- C:\Users\XXX\Documents [2011.09.16 15:00:22 | 000,000,000 | R--D | C] -- C:\Users\XXX\Desktop [2011.09.16 15:00:22 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\Temporary Internet Files [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Templates [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Start Menu [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\SendTo [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Recent [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\PrintHood [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\NetHood [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Documents\My Videos [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Documents\My Pictures [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Documents\My Music [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\My Documents [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Local Settings [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\History [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Cookies [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- 
C:\Users\XXX\Application Data [2011.09.16 15:00:22 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\Application Data [2011.09.16 15:00:22 | 000,000,000 | -H-D | C] -- C:\Users\XXX\AppData [2011.09.16 15:00:22 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Temp [2011.09.16 15:00:22 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Microsoft [2011.09.16 15:00:22 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Media Center Programs [2011.09.16 15:00:15 | 000,000,000 | -HSD | C] -- C:\Recovery [2011.09.16 14:20:20 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.09.16 14:17:00 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011.09.16 14:14:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.18 17:27:56 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.09.18 17:27:56 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.09.18 17:27:56 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.09.18 17:23:01 | 000,012,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.18 17:23:01 | 000,012,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.18 17:20:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.18 17:20:05 | 3211,702,272 | -HS- | M] () -- C:\hiberfil.sys [2011.09.18 16:57:30 | 000,000,000 | ---- | M] () -- C:\Users\XXX\defogger_reenable [2011.09.18 15:08:56 | 000,340,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.09.18 14:31:59 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI [2011.09.18 14:10:49 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD2030.DAT [2011.09.18 13:06:51 | 104,513,215 | ---- | M] 
() -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2011.09.17 14:04:11 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.09.17 13:28:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2011.09.17 13:25:46 | 000,002,024 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011.09.17 13:04:47 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.09.16 19:11:02 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2011.09.16 19:10:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2011.09.16 19:10:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2011.09.16 15:30:18 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011.09.16 15:30:07 | 000,001,070 | ---- | M] () -- C:\Users\XXX\Desktop\ZoneAlarm Security.lnk [2011.09.16 15:25:56 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.09.16 15:24:17 | 000,001,441 | ---- | M] () -- C:\Users\XXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011.09.16 14:26:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_SensorsAlsDriver_01_09_00.Wdf [2011.09.16 14:24:31 | 000,042,049 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011.09.16 14:24:31 | 000,042,049 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.09.16 14:23:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.18 16:57:30 | 000,000,000 | ---- | C] () -- C:\Users\XXX\defogger_reenable [2011.09.18 14:10:49 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.09.18 14:10:49 | 000,000,034 | ---- | C] () -- 
C:\Windows\SysWow64\BD2030.DAT [2011.09.18 13:31:56 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2011.09.18 13:30:20 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2011.09.18 13:30:07 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2011.09.18 13:30:07 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2011.09.18 13:30:00 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2011.09.18 13:30:00 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2011.09.18 13:06:51 | 104,513,215 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2011.09.17 14:04:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.09.17 14:04:11 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.09.17 13:42:17 | 001,829,992 | ---- | C] () -- C:\Windows\SysNative\nvwdmcpl.dll [2011.09.17 13:42:17 | 001,712,744 | ---- | C] () -- C:\Windows\SysNative\nwiz.exe [2011.09.17 13:42:17 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll [2011.09.17 13:42:17 | 001,399,400 | ---- | C] () -- C:\Windows\SysNative\nView64.dll [2011.09.17 13:42:17 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll [2011.09.17 13:42:17 | 001,099,880 | ---- | C] () -- C:\Windows\SysNative\nvwimg64.dll [2011.09.17 13:42:17 | 000,482,920 | ---- | C] () -- C:\Windows\SysNative\nvAppBar.exe [2011.09.17 13:42:17 | 000,402,024 | ---- | C] () -- C:\Windows\SysNative\nvShell.dll [2011.09.17 13:42:17 | 000,259,176 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe [2011.09.17 13:41:45 | 000,023,929 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu [2011.09.17 13:28:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2011.09.17 13:25:46 | 000,002,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011.09.17 
13:04:47 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.09.16 19:11:02 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2011.09.16 19:10:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2011.09.16 19:10:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2011.09.16 15:30:07 | 000,001,070 | ---- | C] () -- C:\Users\XXX\Desktop\ZoneAlarm Security.lnk [2011.09.16 15:30:01 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011.09.16 15:25:56 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.09.16 15:25:56 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.09.16 15:24:17 | 000,001,441 | ---- | C] () -- C:\Users\XXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011.09.16 15:00:51 | 000,001,413 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.09.16 15:00:48 | 000,001,447 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.09.16 15:00:22 | 000,000,290 | ---- | C] () -- C:\Users\XXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2011.09.16 15:00:22 | 000,000,272 | ---- | C] () -- C:\Users\XXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2011.09.16 14:26:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_SensorsAlsDriver_01_09_00.Wdf [2011.09.16 14:24:24 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011.09.16 14:24:13 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011.09.16 14:23:36 | 000,000,000 | -H-- | C] () -- 
C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf [2011.09.16 14:14:55 | 3211,702,272 | -HS- | C] () -- C:\hiberfil.sys [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.09.16 23:19:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AVG2012 [2009.07.14 07:08:49 | 000,005,822 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.09.16 15:00:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.09.18 13:36:06 | 000,000,000 | ---D | M] -- C:\3A4CCD9F29B4D88BD662AF [2011.09.17 13:11:33 | 000,000,000 | ---D | M] -- C:\dell [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.09.17 13:21:49 | 000,000,000 | ---D | M] -- C:\Intel [2011.09.18 14:44:48 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.09.18 14:45:55 | 000,000,000 | R--D | M] -- C:\Program Files [2011.09.18 14:48:13 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.09.18 14:42:30 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.09.16 15:00:15 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.09.18 17:26:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.16 15:00:22 | 000,000,000 | R--D | M] -- C:\Users [2011.09.18 15:07:10 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime
/rs > < End of report > and here is the Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.09.2011 17:22:10 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\XXX\Downloads 64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,30% Memory free 7,97 Gb Paging File | 6,84 Gb Available in Paging File | 85,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,13 Gb Total Space | 34,27 Gb Free Space | 57,96% Space Free | Partition Type: NTFS Drive D: | 52,56 Gb Total Space | 52,47 Gb Free Space | 99,81% Space Free | Partition Type: NTFS Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D0AD116-BE74-4ADD-9E80-83199F53370F}" = AVG 2012 "{7F641B00-536E-4220-9D15-2C90176915A7}" = AVG 2012 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9CC89928-4787-4ED5-9942-4EBF6C2468E6}" = Dell System Manager "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "AVG" = AVG 2012 "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "Office14.SingleImage" = Microsoft Office Home and Student 2010 "ZoneAlarm" = ZoneAlarm ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.09.2011 07:34:41 | Computer Name = XXX-PC | Source = VSS | ID = 12305 Description = Error - 18.09.2011 07:59:18 | Computer 
Name = XXX-PC | Source = ESENT | ID = 215 Description = WinMail (3716) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error - 18.09.2011 07:59:31 | Computer Name = XXX-PC | Source = ESENT | ID = 215 Description = WinMail (3956) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error - 18.09.2011 08:42:49 | Computer Name = XXX-PC | Source = MsiInstaller | ID = 11935 Description = Error - 18.09.2011 09:04:46 | Computer Name = XXX-PC | Source = MsiInstaller | ID = 11935 Description = Error - 18.09.2011 11:06:10 | Computer Name = XXX-PC | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.29.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1220 Start Time: 01cc7613d6a31d0a Termination Time: 15 Application Path: C:\Users\XXX\Downloads\OTL.exe Report Id: badcfdb1-e207-11e0-a2e1-002170b99e9c [ System Events ] Error - 18.09.2011 10:57:31 | Computer Name = XXX-PC | Source = SCardSvr | ID = 610 Description = Error - 18.09.2011 10:57:31 | Computer Name = XXX-PC | Source = WudfUsbccidDriver | ID = 1 Description = Error - 18.09.2011 11:13:44 | Computer Name = XXX-PC | Source = SCardSvr | ID = 610 Description = Error - 18.09.2011 11:13:44 | Computer Name = XXX-PC | Source = SCardSvr | ID = 610 Description = Error - 18.09.2011 11:13:44 | Computer Name = XXX-PC | Source = SCardSvr | ID = 610 Description = Error - 18.09.2011 11:13:44 | Computer Name = XXX-PC | Source = WudfUsbccidDriver | ID = 1 Description = Error - 18.09.2011 11:25:17 | Computer Name = XXX-PC | Source = SCardSvr | ID = 610 Description = Error - 18.09.2011 11:25:17 | Computer Name = XXX-PC | Source = SCardSvr | ID = 610 Description = Error - 18.09.2011 11:25:17 | Computer Name = XXX-PC | Source = SCardSvr | 
ID = 610 Description = Error - 18.09.2011 11:25:17 | Computer Name = XXX-PC | Source = WudfUsbccidDriver | ID = 1 Description = < End of report > THANK YOU VERY MUCH!!! |
19.09.2011, 13:28 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 100% CPU usage despite reinstalling the system several times Without knowing which process is generating the load, this is going to be a case for the
Furthermore, you should keep your hands off ZoneAlarm and other pointless snake oil. Uninstall ZoneAlarm and use the Windows Firewall.