Log Analysis and Evaluation: PC slow after Windows startup, 100% CPU usage (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

PC slow after Windows startup, 100% CPU usage

Good day,

I am new to this board and am impressed by how much energy you put into looking after people's concerns. Great respect for that.

On to my problem: I have actually had this problem for several years now, and I always tried to start the PC and only use it once this "lagging" was gone. On average that was the case after about 1 hour. Now I have sat down to find out why this happens. In my case the high CPU load comes from the process svchost.exe. On average there are 12 of them, and they take turns. Unfortunately I found nothing in the forum that matches exactly the same situation. In my opinion I have tried a great deal, from tracking down the process and trying to end it through to various programs that only analyze(!) it. I did not want to change anything in the registry etc. myself so as not to break anything.

And in addition, a picture of the services belonging to the svchost.exe process.

OTL Logfile:

Code:
ATTFilter OTL logfile created on: 01.12.2011 02:42:53 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = D:\Users\DooM\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,34% Memory free 9,65 Gb Paging File | 8,22 Gb Available in Paging File | 85,12% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4096 8192 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files Drive C: | 19,53 Gb Total Space | 1,00 Gb Free Space | 5,12% Space Free | Partition Type: NTFS Drive D: | 108,46 Gb Total Space | 12,21 Gb Free Space | 11,25% Space Free | Partition Type: NTFS Drive E: | 415,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1825,76 Gb Total Space | 1625,79 Gb Free Space | 89,05% Space Free | Partition Type: NTFS Drive H: | 37,25 Gb Total Space | 36,45 Gb Free Space | 97,86% Space Free | Partition Type: FAT32 Computer Name: DOOM-PC | User Name: DooM | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.01 01:39:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Users\DooM\Desktop\OTL.exe PRC - [2011.11.17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- D:\Users\DooM\AppData\Local\Akamai\netsession_win.exe PRC - [2011.11.09 02:48:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.10.15 09:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- D:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2011.10.15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\conhost.exe PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- D:\Windows\explorer.exe PRC - [2011.02.02 15:25:04 | 001,051,264 | ---- | M] (Genie-soft) -- D:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe PRC - [2011.02.02 15:25:02 | 000,362,624 | ---- | M] (Genie-Soft) -- D:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe PRC - [2010.06.15 02:55:52 | 000,039,936 | ---- | M] (The PHP Group) -- D:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe PRC - [2010.06.15 02:53:48 | 001,417,216 | ---- | M] () -- D:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe PRC - [2009.11.06 12:13:20 | 000,191,080 | ---- | M] (NVIDIA) -- D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe PRC - [2009.11.06 12:13:16 | 000,133,736 | ---- | M] (NVIDIA) -- D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\taskhost.exe PRC - [2009.07.14 02:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\audiodg.exe PRC - [2009.06.05 16:42:04 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- D:\Windows\System32\AEADISRV.EXE ========== Modules (No Company Name) ========== MOD - [2011.11.09 02:48:14 | 001,989,592 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011.10.15 00:54:26 | 000,265,536 | ---- | M] () -- D:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011.02.02 13:43:02 | 000,342,528 | ---- | M] () -- D:\Program Files\Genie-Soft\Genie Timeline\GSIndexDB.dll MOD - [2011.02.02 13:43:02 | 000,051,712 | ---- | M] () -- D:\Program Files\Genie-Soft\Genie Timeline\QueueManager.dll MOD - [2011.02.02 13:43:00 | 000,144,384 | ---- | M] () -- D:\Program 
Files\Genie-Soft\Genie Timeline\Settings.dll MOD - [2010.12.29 14:54:38 | 000,038,400 | ---- | M] () -- D:\Program Files\Genie-Soft\Genie Timeline\GSLogging.dll MOD - [2010.09.06 12:50:38 | 000,080,384 | ---- | M] () -- D:\Program Files\Genie-Soft\Genie Timeline\GSEncryption.dll MOD - [2010.09.06 12:50:38 | 000,072,192 | ---- | M] () -- D:\Program Files\Genie-Soft\Genie Timeline\GSCurl.dll MOD - [2010.08.31 04:42:12 | 000,023,040 | ---- | M] () -- D:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\ext\php_gstl_interface.dll MOD - [2010.06.15 02:53:48 | 001,417,216 | ---- | M] () -- D:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe MOD - [2010.04.27 13:57:20 | 000,921,088 | ---- | M] () -- D:\Program Files\Genie-Soft\Genie Timeline\sqlite3.dll MOD - [2010.01.21 00:34:10 | 008,793,952 | ---- | M] () -- D:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010.01.09 19:18:18 | 004,254,560 | ---- | M] () -- D:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll MOD - [2004.09.30 18:09:36 | 000,155,648 | ---- | M] () -- D:\Program Files\LinkShellExtension\RockallDLL.dll ========== Win32 Services (SafeList) ========== SRV - [2011.11.18 01:57:41 | 003,313,752 | ---- | M] () [Auto | Running] -- d:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai) SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) [Disabled | Stopped] -- D:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- D:\Users\DooM\temp\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.02.02 15:25:02 | 000,362,624 | ---- | M] (Genie-Soft) [Auto | Running] -- D:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService) SRV - [2010.10.24 23:11:06 | 000,360,960 | ---- | M] (iZ3D Inc.) [Disabled | Stopped] -- D:\Program Files\iZ3D Driver\Win32\S3DCService.exe -- (S3DSvc32) S3D Service (Win32) SRV - [2010.01.21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.01.03 19:28:18 | 000,118,784 | ---- | M] () [Disabled | Stopped] -- D:\Program Files\CPUCooL\CooLSRV.exe -- (CPUCooLServer) SRV - [2009.12.22 19:23:39 | 000,065,536 | ---- | M] () [Disabled | Stopped] -- D:\Windows\System32\afasrv32.exe -- (AfaService) SRV - [2009.12.13 22:24:45 | 000,321,320 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- D:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.11.06 12:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Disabled | Stopped] -- D:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService) SRV - [2009.11.06 12:13:20 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] 
(Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.05 16:42:04 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- D:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2011.10.15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.10.09 00:02:42 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- D:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX) DRV - [2011.10.09 00:02:41 | 000,023,680 | ---- | M] (FNet Co., Ltd.) 
[Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH) DRV - [2011.07.08 00:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.03.03 19:28:29 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon) DRV - [2010.10.06 17:04:02 | 000,034,968 | ---- | M] () [Kernel | System | Running] -- D:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys -- (iZ3DInjectionDriver) DRV - [2010.09.23 10:11:28 | 000,316,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.01.03 19:28:18 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- D:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp) DRV - [2010.01.03 19:28:18 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- D:\Windows\System32\drivers\ntiomin.sys -- (ntiomin) DRV - [2009.11.02 17:21:56 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- D:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.11.02 17:21:55 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- D:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.10.28 20:06:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- D:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.09.15 12:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) 
[Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\nvoclock.sys -- (nvoclock) DRV - [2009.08.04 09:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- D:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2009.07.16 10:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2008.11.04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Stopped] -- D:\Windows\system32\drivers\MTiCtwl.sys -- (MagicTune) DRV - [2008.05.27 10:07:58 | 000,050,560 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10) DRV - [2008.02.29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2007.04.11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2007.04.11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2006.10.20 11:57:20 | 000,012,352 | ---- | M] () [Kernel | System | Running] -- D:\Windows\System32\drivers\ntiowp.sys -- (ntiowp) DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- D:\Windows\system32\speedfan.sys -- (speedfan) DRV - [2006.03.07 17:43:40 | 000,111,872 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA) DRV - [2004.07.13 10:40:22 | 000,048,512 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\Umss.SYS -- (UMSSSTOR) DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- D:\Windows\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 A3 82 73 E9 54 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Bing" FF - prefs.js..browser.startup.homepage: 
"hxxp://www.citydeal.de/deals/berlin" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1 FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: D:\Program Files\BitTorrent_DNA\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: D:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.15 19:42:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.11.09 02:48:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Program 
Files\Mozilla Firefox\plugins [2011.11.15 19:42:09 | 000,000,000 | ---D | M] [2010.07.22 23:32:40 | 000,000,000 | ---D | M] (No name found) -- D:\Users\DooM\AppData\Roaming\Mozilla\Extensions [2010.07.22 23:32:40 | 000,000,000 | ---D | M] (No name found) -- D:\Users\DooM\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2011.11.24 01:13:58 | 000,000,000 | ---D | M] (No name found) -- D:\Users\DooM\AppData\Roaming\Mozilla\Firefox\Profiles\jtylwkr4.default\extensions [2010.04.28 00:10:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Users\DooM\AppData\Roaming\Mozilla\Firefox\Profiles\jtylwkr4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.23 03:52:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- D:\Users\DooM\AppData\Roaming\Mozilla\Firefox\Profiles\jtylwkr4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.09.15 23:52:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- D:\Users\DooM\AppData\Roaming\Mozilla\Firefox\Profiles\jtylwkr4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.12 03:35:47 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Users\DooM\AppData\Roaming\Mozilla\Firefox\Profiles\jtylwkr4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.10.17 20:15:07 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- D:\Users\DooM\AppData\Roaming\Mozilla\Firefox\Profiles\jtylwkr4.default\extensions\dplauncher@digitalpublishing.de [2009.10.27 04:46:09 | 000,000,000 | ---D | M] (Flash Video Resources Downloader) -- D:\Users\DooM\AppData\Roaming\Mozilla\Firefox\Profiles\jtylwkr4.default\extensions\max@subfighter.com [2009.10.27 04:46:09 | 000,000,000 | ---D | M] (Move Media Player) -- D:\Users\DooM\AppData\Roaming\Mozilla\Firefox\Profiles\jtylwkr4.default\extensions\moveplayer@movenetworks.com [2009.10.27 04:46:09 | 000,000,000 | ---D | M] (VideoDownloader) -- 
D:\Users\DooM\AppData\Roaming\Mozilla\Firefox\Profiles\jtylwkr4.default\extensions\videodowloader@videodownloader.net [2009.11.01 14:33:05 | 000,002,163 | ---- | M] () -- D:\Users\DooM\AppData\Roaming\Mozilla\Firefox\Profiles\jtylwkr4.default\searchplugins\bing.xml [2011.11.27 03:13:12 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions [2011.08.25 23:18:40 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011.11.27 03:13:13 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2009.10.27 04:32:54 | 000,000,000 | ---D | M] (BearShare MediaBar) -- D:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} () (No name found) -- D:\USERS\DOOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JTYLWKR4.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI [2011.11.09 02:48:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll [2008.01.08 01:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.08.12 05:19:37 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.12 05:14:12 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.08.12 05:19:37 | 000,001,153 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.08.12 05:19:37 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.12 05:19:37 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.12 05:19:37 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = D:\Users\DooM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2011.10.20 13:43:06 | 000,436,246 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O1 - Hosts: 127.0.0.1 uat-onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 wsuplay.ubi.com O1 - Hosts: 127.0.0.1 static8.cdn.ubi.com O1 - Hosts: 127.0.0.1 
www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 15004 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (@D:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - Reg Error: Value error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Genie TimeLine Tray] D:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (Genie-soft) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malwareas\mbam.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] D:\Users\DooM\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - D:\Users\DooM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to iPhone Converter - D:\Users\DooM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - D:\Users\DooM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... 
- res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @D:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @D:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E2FD134-ADB2-4BF1-A04E-429A663BB58F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96D926D9-83A0-4C8D-80E5-3642832CB3E6}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) -D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) -D:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O24 - Desktop WallPaper: D:\Users\DooM\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: D:\Users\DooM\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.10.29 18:37:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.08.08 00:57:50 | 000,000,000 | ---D | M] - E:\AutoPlay -- [ CDFS ] O32 - AutoRun File - [2011.02.25 03:09:34 | 002,834,432 | R--- | M] () - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2009.04.10 18:32:30 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - Unable to obtain root file information for disk G:\ O32 - Unable to obtain root file information for disk H:\ O33 - MountPoints2\{4cc3d5b1-c3f5-11de-bd5f-0017318aef19}\Shell - "" = AutoRun O33 - MountPoints2\{4cc3d5b1-c3f5-11de-bd5f-0017318aef19}\Shell\AutoRun\command - "" = F:\INSTALL.EXE O33 - MountPoints2\{6b2e7413-f348-11e0-999c-d52372774303}\Shell - "" = AutoRun O33 - MountPoints2\{6b2e7413-f348-11e0-999c-d52372774303}\Shell\AutoRun\command - "" = I:\Autorun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.02.25 03:09:34 | 002,834,432 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - 
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - D:\Windows\system32\Rundll32.exe D:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - 
%SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - D:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - - File not found MsConfig - StartUpFolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - - File not found MsConfig - StartUpFolder: D:^Users^DooM^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) 
MsConfig - StartUpReg: BCSSync - hkey= - key= - D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig - StartUpReg: CmCardRun - hkey= - key= - File not found MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - D:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: H2O - hkey= - key= - D:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O) MsConfig - StartUpReg: iCloudServices - hkey= - key= - D:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) MsConfig - StartUpReg: iPhone Explorer Launcher - hkey= - key= - D:\Program Files\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - D:\Windows\KHALMNPR.Exe (Logitech Inc.) MsConfig - StartUpReg: msnmsgr - hkey= - key= - D:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: MultiScreen - hkey= - key= - File not found MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - D:\Program Files\Pando Networks\Media Booster\PMB.exe () MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RGSC - hkey= - key= - G:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) MsConfig - StartUpReg: SoundMAX - hkey= - key= - D:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - D:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) 
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - D:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: swg - hkey= - key= - File not found MsConfig - StartUpReg: UsbBoost - hkey= - key= - D:\Program Files\UsbBoost\TurboHddUsb.exe (FNet Co., Ltd.) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.01 01:39:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Users\DooM\Desktop\OTL.exe [2011.11.29 21:58:42 | 000,000,000 | ---D | C] -- D:\Users\DooM\AppData\Roaming\Malwarebytes [2011.11.29 21:56:41 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.29 21:56:40 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes [2011.11.29 21:56:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys [2011.11.29 21:56:33 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malwareas [2011.11.27 22:50:08 | 000,000,000 | ---D | C] -- D:\Program Files\CCleaner [2011.11.27 04:55:47 | 000,135,360 | ---- | C] (Symantec Corporation) -- D:\Users\DooM\Desktop\FixBlast.exe [2011.11.20 14:35:45 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test [2011.11.15 19:44:22 | 000,000,000 | ---D | C] -- D:\Users\DooM\AppData\Local\DDMSettings [2011.11.15 19:41:09 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2011.11.15 19:40:40 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\DivX Shared [2011.11.15 19:20:24 | 000,000,000 | ---D | C] -- D:\Users\DooM\Documents\Rockstar Games [2011.11.15 19:14:47 | 
000,000,000 | ---D | C] -- D:\Users\DooM\AppData\Local\Rockstar Games [2011.11.15 18:46:22 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- D:\Windows\System32\CmdLineExt.dll [2011.11.15 18:42:43 | 000,000,000 | ---D | C] -- D:\Windows\System32\xlive [2011.11.15 18:42:43 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Games for Windows - LIVE [2011.11.15 18:19:08 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2011.11.14 21:43:09 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.11.14 21:42:16 | 000,000,000 | ---D | C] -- D:\Program Files\iPod [2011.11.14 21:42:15 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes [2011.11.14 21:38:58 | 000,000,000 | ---D | C] -- D:\Users\DooM\AppData\Local\Skyrim [2011.11.14 21:32:55 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911 [2011.11.12 01:42:37 | 000,061,248 | ---- | C] (Khronos Group) -- D:\Windows\System32\OpenCL.dll [2011.11.11 23:04:39 | 000,000,000 | ---D | C] -- D:\Users\DooM\AppData\Local\Ubisoft Game Launcher [2011.11.11 22:48:06 | 000,023,096 | ---- | C] (Samsung Electronics, Inc. 
) -- D:\Windows\System32\drivers\MTiCtwl.sys [2011.11.11 22:45:18 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiScreen [2011.11.11 22:45:18 | 000,000,000 | ---D | C] -- D:\Program Files\MultiScreen [2011.11.11 22:38:06 | 000,000,000 | ---D | C] -- D:\Program Files\MonitorDriver [2011.11.04 02:13:34 | 000,000,000 | ---D | C] -- D:\Users\DooM\AppData\Local\Akamai [1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.01 02:36:42 | 000,000,214 | ---- | M] () -- D:\Windows\tasks\AutoKMSDaily.job [2011.12.01 02:33:49 | 000,010,288 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.01 02:33:48 | 000,010,288 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.01 02:27:44 | 000,000,214 | ---- | M] () -- D:\Windows\tasks\AutoKMS.job [2011.12.01 02:26:12 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2011.12.01 02:26:00 | 2415,271,936 | -HS- | M] () -- D:\hiberfil.sys [2011.12.01 02:24:36 | 000,000,020 | ---- | M] () -- D:\Users\DooM\defogger_reenable [2011.12.01 01:39:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Users\DooM\Desktop\OTL.exe [2011.11.29 21:56:41 | 000,001,085 | ---- | M] () -- D:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.29 03:00:28 | 000,030,720 | ---- | M] () -- D:\Windows\System32\umstartup.etl [2011.11.29 01:21:09 | 000,007,598 | ---- | M] () -- D:\Users\DooM\AppData\Local\Resmon.ResmonCfg [2011.11.28 16:33:41 | 000,439,448 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT [2011.11.28 01:27:28 | 000,265,310 | ---- | M] () -- D:\Users\DooM\Documents\cc_20111128_012637.reg [2011.11.27 22:50:10 | 000,000,969 | ---- | M] () -- D:\Users\Public\Desktop\CCleaner.lnk [2011.11.27 04:55:49 | 000,135,360 | ---- | M] (Symantec Corporation) -- D:\Users\DooM\Desktop\FixBlast.exe 
[2011.11.24 23:32:11 | 000,624,578 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2011.11.24 23:32:11 | 000,110,216 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2011.11.15 18:46:22 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- D:\Windows\System32\CmdLineExt.dll [2011.11.15 18:19:08 | 000,000,893 | ---- | M] () -- D:\Users\Public\Desktop\Rockstar Games Social Club.lnk [2011.11.14 21:43:09 | 000,001,753 | ---- | M] () -- D:\Users\Public\Desktop\iTunes.lnk [2011.11.14 21:39:38 | 000,001,261 | ---- | M] () -- D:\Users\DooM\Desktop\SkyrimLauncher.exe - Shortcut.lnk [2011.11.11 22:45:19 | 000,001,618 | ---- | M] () -- D:\Users\Public\Desktop\MultiScreen.lnk [2011.11.09 02:49:06 | 000,001,845 | ---- | M] () -- D:\Users\DooM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.01 02:24:20 | 000,000,020 | ---- | C] () -- D:\Users\DooM\defogger_reenable [2011.11.29 21:56:41 | 000,001,085 | ---- | C] () -- D:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.28 01:26:43 | 000,265,310 | ---- | C] () -- D:\Users\DooM\Documents\cc_20111128_012637.reg [2011.11.27 22:50:10 | 000,000,969 | ---- | C] () -- D:\Users\Public\Desktop\CCleaner.lnk [2011.11.21 00:20:09 | 017,245,218 | ---- | C] () -- D:\Users\DooM\Desktop\Scat - Hardliner.wav [2011.11.16 00:02:47 | 006,190,967 | ---- | C] () -- D:\wo bist du! 
paco, aziz, drp,mr.castro.wma [2011.11.15 18:19:08 | 000,000,893 | ---- | C] () -- D:\Users\Public\Desktop\Rockstar Games Social Club.lnk [2011.11.14 21:43:09 | 000,001,753 | ---- | C] () -- D:\Users\Public\Desktop\iTunes.lnk [2011.11.14 21:39:38 | 000,001,261 | ---- | C] () -- D:\Users\DooM\Desktop\SkyrimLauncher.exe - Shortcut.lnk [2011.11.12 01:42:36 | 000,004,359 | ---- | C] () -- D:\Windows\System32\nvinfo.pb [2011.11.11 22:45:19 | 000,001,618 | ---- | C] () -- D:\Users\Public\Desktop\MultiScreen.lnk [2011.11.11 02:36:29 | 000,000,214 | ---- | C] () -- D:\Windows\tasks\AutoKMS.job [2011.11.11 02:36:28 | 000,000,214 | ---- | C] () -- D:\Windows\tasks\AutoKMSDaily.job [2011.10.28 01:30:13 | 000,000,000 | ---- | C] () -- D:\Users\DooM\AppData\Local\{9B30B77B-496C-4EB1-8A7B-5FC58AF3D15F} [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- D:\Windows\System32\nvStreaming.exe [2011.09.24 01:10:16 | 000,073,216 | ---- | C] () -- D:\Windows\System32\ff_vfw.dll [2011.09.23 04:35:01 | 000,190,464 | ---- | C] () -- D:\Windows\System32\PCGW32.DLL [2011.09.02 01:05:43 | 000,023,624 | ---- | C] () -- D:\Windows\System32\drivers\hitmanpro35.sys [2011.08.27 18:09:00 | 000,000,000 | ---- | C] () -- D:\Users\DooM\AppData\Local\{3450410A-36E6-44A6-982A-FF986805F67D} [2011.08.21 15:02:16 | 000,000,000 | ---- | C] () -- D:\Users\DooM\AppData\Local\{21AC4F97-B1DB-4954-84DA-77461D8BE396} [2011.08.16 16:49:16 | 000,000,000 | ---- | C] () -- D:\Users\DooM\AppData\Local\{578BD668-0AEF-4D87-9862-C6CEF5B369FB} [2011.08.16 16:48:50 | 000,000,000 | ---- | C] () -- D:\Users\DooM\AppData\Local\{B86C665B-A39B-461B-9A27-40A63BEDF514} [2011.05.21 01:07:07 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini [2011.01.03 00:20:00 | 000,011,232 | ---- | C] () -- D:\Windows\System32\drivers\SWDUMon.sys [2010.08.15 16:53:07 | 000,000,118 | ---- | C] () -- D:\Windows\System32\MRT.INI [2010.04.29 03:33:33 | 000,007,598 | ---- | C] () -- D:\Users\DooM\AppData\Local\Resmon.ResmonCfg [2010.04.29 
02:54:33 | 000,024,576 | ---- | C] () -- D:\Windows\System32\AsIO.dll [2010.04.29 02:54:33 | 000,011,296 | ---- | C] () -- D:\Windows\System32\drivers\AsIO.sys [2010.04.29 02:54:23 | 000,011,832 | ---- | C] () -- D:\Windows\System32\drivers\AsInsHelp64.sys [2010.04.29 02:54:23 | 000,010,216 | ---- | C] () -- D:\Windows\System32\drivers\AsInsHelp32.sys [2010.04.29 02:53:31 | 000,013,216 | ---- | C] () -- D:\Windows\System32\drivers\ASACPI.sys [2010.04.06 19:04:52 | 000,286,208 | ---- | C] () -- D:\Windows\System32\Xbinkw32.dll [2010.03.28 23:41:41 | 000,011,776 | ---- | C] () -- D:\Users\DooM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.23 22:20:24 | 000,023,552 | ---- | C] () -- D:\Users\DooM\AppData\Local\WebpageIcons.db [2010.01.03 19:28:18 | 000,012,800 | ---- | C] () -- D:\Windows\System32\drivers\ntiopnp.sys [2010.01.03 19:28:18 | 000,011,392 | ---- | C] () -- D:\Windows\System32\drivers\ntiomin.sys [2009.12.29 01:14:33 | 000,000,056 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat [2009.12.22 19:21:27 | 000,065,536 | ---- | C] () -- D:\Windows\System32\afasrv32.exe [2009.10.27 05:01:24 | 000,021,924 | ---- | C] () -- D:\Windows\System32\emptyregdb.dat [2009.10.24 05:01:09 | 000,000,042 | ---- | C] () -- D:\Windows\System32\nt32200ax1.dll [2009.10.24 05:01:09 | 000,000,032 | ---- | C] () -- D:\Windows\ntcheck3232bx1.dll [2009.10.24 04:55:36 | 000,000,042 | ---- | C] () -- D:\Windows\System32\nt32200ax.dll [2009.10.24 04:55:36 | 000,000,032 | ---- | C] () -- D:\Windows\ntcheck3232bx.dll [2009.10.24 04:21:55 | 000,000,400 | ---- | C] () -- D:\Windows\ODBC.INI [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,439,448 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,624,578 | ---- | C] () -- D:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,110,216 | ---- | C] () -- 
D:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat [2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat [2009.04.07 17:57:13 | 000,018,944 | ---- | C] () -- D:\Windows\eraser.exe [2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- D:\Windows\System32\xlive.dll.cat [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- D:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\System32\AgCPanelFrench.dll [2008.10.06 20:22:11 | 000,237,568 | ---- | C] () -- D:\Windows\System32\lame_enc.dll [2008.02.03 02:29:52 | 000,502,784 | ---- | C] () -- D:\Windows\x2.64.exe [2008.02.03 02:29:52 | 000,399,360 | ---- | C] () -- D:\Windows\System32\Smab.dll [2008.02.03 
02:29:52 | 000,240,128 | ---- | C] () -- D:\Windows\System32\x.264.exe [2008.02.03 02:29:52 | 000,217,073 | ---- | C] () -- D:\Windows\meta4.exe [2008.02.03 02:29:52 | 000,066,560 | ---- | C] () -- D:\Windows\MOTA113.exe [2008.02.03 02:29:52 | 000,027,648 | ---- | C] () -- D:\Windows\System32\AVSredirect.dll [2008.02.03 02:29:44 | 000,027,648 | -HS- | C] () -- D:\Windows\System32\Smab0.dll [2007.11.29 23:30:28 | 003,596,288 | ---- | C] () -- D:\Windows\System32\qt-dx331.dll [2007.11.28 00:49:19 | 000,002,045 | ---- | C] () -- D:\Users\DooM\AppData\Roaming\NMM-MetaData.db [2007.11.26 17:08:06 | 000,281,760 | ---- | C] () -- D:\Windows\System32\drivers\atksgt.sys [2007.11.26 17:08:05 | 000,025,888 | ---- | C] () -- D:\Windows\System32\drivers\lirsgt.sys [2007.11.14 13:28:56 | 000,000,173 | ---- | C] () -- D:\Windows\MusicMaker.INI [2007.11.14 12:38:47 | 000,049,152 | ---- | C] () -- D:\Windows\System32\mgxasio2.dll [2007.11.14 12:31:09 | 000,006,537 | ---- | C] () -- D:\Windows\mgxoschk.ini [2007.11.08 22:05:21 | 000,054,708 | ---- | C] () -- D:\Windows\War3Unin.dat [2007.11.08 20:40:47 | 000,290,748 | ---- | C] () -- D:\Windows\System32\perfi007.dat [2007.11.08 20:40:45 | 000,036,916 | ---- | C] () -- D:\Windows\System32\perfd007.dat [2007.11.08 20:40:44 | 000,626,016 | ---- | C] () -- D:\Windows\System32\perfh007.dat [2007.11.08 20:40:44 | 000,126,518 | ---- | C] () -- D:\Windows\System32\perfc007.dat [2007.11.08 01:04:56 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat [2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- D:\Windows\System32\CddbCdda.dll [2006.10.20 11:57:20 | 000,012,352 | ---- | C] () -- D:\Windows\System32\drivers\ntiowp.sys [2003.09.16 15:50:58 | 000,229,376 | ---- | C] () -- D:\Windows\System32\CmWatch.exe [2003.07.03 12:44:24 | 000,212,992 | ---- | C] () -- D:\Windows\System32\CmCardRm.exe [2003.05.30 14:27:46 | 000,032,768 | ---- | C] () -- D:\Windows\System32\CmCardRm.dll [2002.01.24 10:39:36 | 000,086,016 | ---- | C] () -- 
D:\Windows\System32\lxaxih.exe [2002.01.24 10:29:26 | 000,077,824 | ---- | C] () -- D:\Windows\System32\lxaxlcnp.dll [2002.01.24 10:09:56 | 000,174,592 | ---- | C] () -- D:\Windows\System32\LEXPPS.EXE [2002.01.24 10:05:11 | 000,040,960 | ---- | C] () -- D:\Windows\System32\INSTMON.EXE [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- D:\Windows\System32\giveio.sys ========== LOP Check ========== [2009.10.27 04:45:29 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Acreon [2009.06.30 14:55:21 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\advantage [2009.10.27 04:45:33 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Audacity [2009.10.27 04:45:34 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\BearShare [2011.11.28 01:25:07 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\BitTorrent [2009.10.27 04:45:34 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\BitTorrent DNA [2010.04.02 14:47:11 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Command and Conquer 4 [2009.10.27 04:45:34 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\concept design [2011.11.28 01:25:16 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\DAEMON Tools Lite [2011.10.17 20:15:20 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\digital publishing [2011.10.09 01:23:38 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\DVDVideoSoft [2011.10.09 01:23:02 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\DVDVideoSoftIEHelpers [2009.10.27 04:45:34 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\FileZilla [2009.10.27 04:45:34 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\FLV Extract [2009.10.27 04:45:34 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\FMZilla [2011.04.01 17:00:46 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\FreeFLVConverter [2011.10.08 23:03:04 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Genie-Soft 
[2011.09.23 04:34:59 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\iZ3D Driver [2009.10.27 04:45:35 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Jeyo [2011.08.18 01:10:45 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\LolClient [2009.10.27 04:45:55 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2011.01.07 16:03:15 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\MyPhoneExplorer [2009.10.27 04:46:10 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\NCH Swift Sound [2009.10.27 04:46:10 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Nokia [2009.10.27 04:46:10 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Nokia Multimedia Player [2009.10.27 04:46:11 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Orbit [2009.10.27 04:46:11 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\PC Suite [2011.08.07 23:14:05 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\PunkBuster [2011.09.27 23:12:41 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\R-TT [2011.10.20 12:09:16 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\redsn0w [2011.10.20 12:15:52 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Software4u [2009.10.27 04:46:11 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Sony [2009.10.27 04:46:11 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Steinberg [2011.09.23 04:56:37 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Stereoscopic Player [2011.09.20 03:25:49 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\SystemRequirementsLab [2011.10.27 13:08:27 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\TeamViewer [2010.07.22 23:32:38 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\TomTom [2010.05.27 10:35:36 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\TS3Client [2010.04.06 15:20:47 | 000,000,000 | ---D | M] -- 
D:\Users\DooM\AppData\Roaming\Ubisoft [2011.04.09 16:23:52 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\Xilisoft [2011.03.24 23:39:50 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\XMedia Recode [2010.07.03 01:25:07 | 000,000,000 | ---D | M] -- D:\Users\DooM\AppData\Roaming\yess [2011.12.01 02:27:44 | 000,000,214 | ---- | M] () -- D:\Windows\Tasks\AutoKMS.job [2011.12.01 02:36:42 | 000,000,214 | ---- | M] () -- D:\Windows\Tasks\AutoKMSDaily.job [2011.11.28 23:35:50 | 000,032,608 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.04.01 13:42:34 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin [2010.05.12 17:05:29 | 000,000,000 | ---D | M] -- D:\10a4703e961a458f36 [2008.06.29 22:47:23 | 000,000,000 | ---D | M] -- D:\1a672a40987deaae5b3a7c [2008.06.29 12:17:43 | 000,000,000 | ---D | M] -- D:\3e5b44590ca684fa83c25ff2ed314f [2010.04.08 00:18:57 | 000,000,000 | ---D | M] -- D:\AC Saves [2007.11.15 18:56:01 | 000,000,000 | ---D | M] -- D:\Armin mukke [2007.11.14 14:22:04 | 000,000,000 | ---D | M] -- D:\AudioADI610x6100_Vista [2011.11.27 03:13:30 | 000,000,000 | -H-D | M] -- D:\Config.Msi [2010.04.08 00:18:53 | 000,000,000 | ---D | M] -- D:\cundc [2010.10.13 15:19:22 | 000,000,000 | ---D | M] -- D:\Desktop [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- D:\Documents and Settings [2007.02.24 19:18:55 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen [2010.04.01 05:54:32 | 000,000,000 | ---D | M] -- D:\Downloads [2011.11.12 02:32:43 | 000,000,000 | ---D | M] -- D:\fire download [2007.12.17 01:28:17 | 000,000,000 | ---D | M] -- D:\HANDY [2011.01.10 00:14:33 | 000,000,000 | ---D | M] -- D:\Intel [2007.11.06 21:05:32 | 000,000,000 | RH-D | M] -- D:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- D:\perflogs [2011.11.30 02:09:15 | 000,000,000 | R--D | M] -- D:\Program Files [2011.11.29 21:56:40 | 000,000,000 | -H-D | M] -- D:\ProgramData 
[2011.11.16 00:52:11 | 000,000,000 | ---D | M] -- D:\Programme
[2009.10.27 05:19:32 | 000,000,000 | -HSD | M] -- D:\Recovery
[2007.10.29 20:43:54 | 000,000,000 | -HSD | M] -- D:\RECYCLER
[2011.08.17 03:43:26 | 000,000,000 | ---D | M] -- D:\Riot Games
[2011.12.01 02:52:36 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2007.05.17 22:49:48 | 000,000,000 | ---D | M] -- D:\Teamspeak2_RC2
[2008.03.12 14:52:11 | 000,000,000 | ---D | M] -- D:\Temp
[2011.09.20 14:05:08 | 000,000,000 | R--D | M] -- D:\Users
[2011.11.28 23:23:58 | 000,000,000 | ---D | M] -- D:\Windows
[2011.12.01 02:41:40 | 000,000,000 | ---D | M] -- D:\wow patch
[2010.06.17 22:02:23 | 000,000,000 | ---D | M] -- D:\WoW-LanguagePack-3.x.x-enGB
[2007.02.18 18:53:47 | 000,000,000 | ---D | M] -- D:\WUTemp

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- D:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- D:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- D:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-27 01:14:42

========== Files - Unicode (All) ==========
[2011.05.04 16:17:23 | 007,589,888 | ---- | M] ()(D:\Users\DooM\Desktop\Dariush Shatranj 'Chess' . ??????- ?????.mp3) -- D:\Users\DooM\Desktop\Dariush Shatranj 'Chess' . داریوش- شطرنج.mp3
[2011.05.04 16:16:55 | 007,589,888 | ---- | C] ()(D:\Users\DooM\Desktop\Dariush Shatranj 'Chess' . ??????- ?????.mp3) -- D:\Users\DooM\Desktop\Dariush Shatranj 'Chess' . داریوش- شطرنج.mp3
[2011.05.03 19:25:36 | 003,604,480 | ---- | M] ()(D:\Users\DooM\Desktop\Leaving on a Jet plane? w_lyrics.mp3) -- D:\Users\DooM\Desktop\Leaving on a Jet plane♥ w_lyrics.mp3
[2011.05.03 19:25:08 | 003,604,480 | ---- | C] ()(D:\Users\DooM\Desktop\Leaving on a Jet plane? w_lyrics.mp3) -- D:\Users\DooM\Desktop\Leaving on a Jet plane♥ w_lyrics.mp3

========== Alternate Data Streams ==========
@Alternate Data Stream - 600 bytes -> D:\Users\DooM\Documents\Anfrage.eml:OECustomProperty

< End of report >

Edited by Grap (02.12.2011 at 14:14). Reason: OTL posted directly