CPU usage unusually high - very often up to 100% (Windows 7)
29.01.2012, 11:20 | #1
Hello, it's me again, with a new laptop as well as a new problem. For the past 2 days the laptop has been slower; as it happens, I am currently playing the game "DarkOrbit". It never used to hang there, even when I had millions of windows open, and now it hangs a lot. It is not the game but the CPU usage, which is very high, almost always 100%. I have already googled and also tried a few things, e.g. removed programs from autostart, closed all background programs, etc. However, that did not bring any positive results. Now I thought that I may have caught a virus, so I am asking here.

OTL log files
OTL.Txt
Code:
OTL logfile created on: 29.01.2012 10:40:55 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Peer\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,17 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 61,37% Memory free 6,01 Gb Paging File | 4,81 Gb Available in Paging File | 79,92% Paging File free Paging file location(s): c:\pagefile.sys 3000 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 49,59 Gb Total Space | 5,02 Gb Free Space | 10,13% Space Free | Partition Type: NTFS Drive D: | 136,72 Gb Total Space | 123,08 Gb Free Space | 90,03% Space Free | Partition Type: NTFS Computer Name: PEER-PC | User Name: Peer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.29 10:36:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Peer\Downloads\OTL.exe PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2011.11.09 19:49:26 | 000,123,392 | ---- | M] (Saitek) -- C:\Programme\SmartTechnology\Software\SaiMfd.exe PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC -
[2011.06.15 16:59:27 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Peer\AppData\Local\Temp\RtkBtMnt.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.05.18 08:24:18 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe ========== Modules (No Company Name) ========== MOD - [2011.12.07 12:16:28 | 000,411,192 | ---- | M] () -- C:\Users\Peer\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll MOD - [2011.12.07 12:16:27 | 003,767,864 | ---- | M] () -- C:\Users\Peer\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll MOD - [2011.12.07 12:15:07 | 000,521,784 | ---- | M] () -- C:\Users\Peer\AppData\Local\Google\Chrome\Application\16.0.912.63\libglesv2.dll MOD - [2011.12.07 12:15:06 | 000,112,696 | ---- | M] () -- C:\Users\Peer\AppData\Local\Google\Chrome\Application\16.0.912.63\libegl.dll MOD - [2011.12.07 12:14:56 | 000,122,952 | ---- | M] () -- C:\Users\Peer\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll MOD - [2011.12.07 12:14:55 | 000,222,280 | ---- | M] () -- C:\Users\Peer\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll MOD - [2011.12.07 12:14:53 | 001,746,504 | ---- | M] () -- C:\Users\Peer\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll MOD - [2011.12.07 08:22:33 | 008,593,056 | ---- | M] () -- C:\Users\Peer\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll MOD - 
[2011.12.07 08:22:33 | 008,593,056 | ---- | M] () -- C:\Users\Peer\AppData\Local\Google\Chrome\APPLIC~1\160912~1.63\gcswf32.dll MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (MobilityService) SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2012.01.05 11:38:47 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011.11.16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.01 01:24:20 | 000,475,808 | ---- | M] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) [Auto | Stopped] -- C:\Programme\iRacing\iRacingService.exe -- (iRacingService) SRV - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) 
[Auto | Stopped] -- D:\hamachi-2.exe -- (Hamachi2Svc) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2012.01.05 09:13:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.11.10 09:30:24 | 000,046,144 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus) DRV - [2011.11.10 09:30:24 | 000,022,720 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini) DRV - [2011.10.15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.09.20 09:34:24 | 000,147,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiK0CCB.sys -- (SaiK0CCB) DRV - [2011.09.20 09:34:24 | 000,041,152 | ---- | M] (Saitek) [Kernel 
| On_Demand | Running] -- C:\Windows\System32\drivers\SaiU0CCB.sys -- (SaiU0CCB) DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [2010.09.29 10:34:50 | 000,335,064 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ladfSBVMi386.sys -- (LADF_SBVM) DRV - [2010.09.29 10:34:48 | 000,053,976 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ladfDHP2i386.sys -- (LADF_DHP2) DRV - [2010.04.27 15:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2010.04.27 15:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2010.04.27 15:57:24 | 000,031,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2010.04.27 15:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2010.04.27 13:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2007.11.18 02:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.06.18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.06.14 03:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.05.28 06:57:50 | 000,767,664 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2007.05.17 02:05:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.05.17 01:46:50 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.05.16 13:47:44 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2007.03.21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Freeware.de Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.28 13:58:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.07 02:06:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 15:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peer\AppData\Roaming\mozilla\Extensions [2012.01.04 10:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peer\AppData\Roaming\mozilla\Firefox\Profiles\4env4fx5.default\extensions [2011.08.16 00:24:58 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Peer\AppData\Roaming\mozilla\Firefox\Profiles\4env4fx5.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012.01.04 10:23:04 | 000,000,000 | ---D | M] (Freeware.de) -- C:\Users\Peer\AppData\Roaming\mozilla\Firefox\Profiles\4env4fx5.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} [2011.12.30 11:46:45 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- 
C:\Users\Peer\AppData\Roaming\mozilla\Firefox\Profiles\4env4fx5.default\extensions\ffxtlbr@incredibar.com [2012.01.18 18:20:17 | 000,000,915 | ---- | M] () -- C:\Users\Peer\AppData\Roaming\Mozilla\Firefox\Profiles\4env4fx5.default\searchplugins\conduit.xml [2011.12.30 09:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.30 09:17:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2011.12.28 13:58:43 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.01.12 15:34:59 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\PEER\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM () (No name found) -- C:\USERS\PEER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ENV4FX5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.06.20 19:32:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.09.07 02:06:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - 
default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Peer\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Peer\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Peer\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Peer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google-Suche = C:\Users\Peer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: avast! 
WebRep = C:\Users\Peer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\ CHR - Extension: General Crawler = C:\Users\Peer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\ CHR - Extension: Google Mail = C:\Users\Peer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Peer\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL () O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Yahoo! 
Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found. O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ProfilerU] C:\Programme\SmartTechnology\Software\ProfilerU.exe (Saitek) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SaiMfd] C:\Programme\SmartTechnology\Software\SaiMfd.exe (Saitek) O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Media Finder] "C:\Program Files\Media Finder\MF.exe" /opentotray File not found O4 - HKCU..\Run: [SaitekInstall] C:\Windows\temp\Saitek\Cyborg_RAT_7_Gaming_Mouse_SD7_32_Drivers\00000005\setup.exe (Saitek) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found O8 - Extra context menu item: Mit Mipony herunterladen - file://D:\Download Manager\MiPony\Browser\IEContext.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89E2B1AF-0BF3-4E88-B224-AAAF2DC937B8}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C66F2917-D5D8-4200-AC42-A165F822EB73}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = 
exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash ActiveX: 
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\dämon tool\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - D:\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
MsConfig - StartUpReg: Steam - hkey= - key= - D:\Steam\Steam.exe (Valve Corporation) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.29 10:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2012.01.29 10:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2012.01.29 10:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2012.01.28 17:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.01.28 17:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.01.28 17:34:50 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2012.01.26 17:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2 [2012.01.25 14:21:25 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer [2012.01.19 14:58:15 | 000,000,000 | ---D | C] -- C:\Users\Peer\Documents\GTA San Andreas User Files [2012.01.17 08:11:56 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Roaming\TeamViewer [2012.01.16 15:10:25 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.01.16 15:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.01.16 15:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan [2012.01.13 21:13:30 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Roaming\gtk-2.0 [2012.01.13 21:13:30 | 000,000,000 | ---D | C] -- C:\Users\Peer\.thumbnails [2012.01.13 20:57:38 | 000,000,000 | ---D | C] -- C:\Users\Peer\Documents\gegl-0.0 [2012.01.13 20:57:38 | 000,000,000 | ---D | C] -- C:\Users\Peer\.gimp-2.6 [2012.01.13 20:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP [2012.01.13 20:57:04 | 000,000,000 
| ---D | C] -- C:\Program Files\GIMP-2.0 [2012.01.12 15:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder [2012.01.12 15:34:58 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Roaming\Media Finder [2012.01.08 16:05:24 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Roaming\Teeworlds [2012.01.08 11:50:39 | 000,000,000 | ---D | C] -- C:\Users\Peer\riotsGamesLogs [2012.01.08 11:50:09 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Roaming\LolClient [2012.01.05 10:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games [2012.01.05 09:12:37 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Roaming\DAEMON Tools Lite [2012.01.05 09:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012.01.04 17:14:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\with ogg_stream_reset_serialno [2012.01.04 15:26:16 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Roaming\TS3Client [2012.01.04 15:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012.01.04 14:47:27 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Roaming\Mipony [2012.01.04 14:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony [2012.01.04 13:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer [2012.01.04 12:10:15 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Local\PunkBuster [2012.01.04 10:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012.01.01 01:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon [2012.01.01 00:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon [2012.01.01 00:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU [2011.12.31 23:29:28 | 000,000,000 | ---D | C] -- C:\Users\Peer\Documents\Navicat [2011.12.31 10:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\PremiumSoft [2011.12.30 19:38:45 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Local\PMB Files [2011.12.30 19:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2011.12.30 19:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks [2011.12.30 18:41:18 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.12.30 16:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe [2011.12.30 16:50:37 | 000,000,000 | ---D | C] -- C:\Users\Peer\Desktop\Sonstiges [2011.12.30 16:50:24 | 000,000,000 | ---D | C] -- C:\Users\Peer\Desktop\Wichtige sachen [2011.12.30 16:35:04 | 000,000,000 | ---D | C] -- C:\Users\Peer\Desktop\Games [2011.12.30 15:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam [2011.12.30 15:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2011.12.30 11:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com [2011.12.30 11:46:26 | 000,000,000 | ---D | C] -- C:\Users\Peer\Documents\My Cheat Tables [2011.12.30 11:46:23 | 000,000,000 | ---D | C] -- C:\Users\Peer\AppData\Local\TempDIR [2011.12.30 11:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.1 [2011.06.15 17:04:34 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe ========== Files - Modified Within 30 Days ========== [2012.01.29 10:14:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.29 10:14:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.29 08:22:22 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.29 08:22:22 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.29 08:22:22 | 000,126,260 | 
---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.29 08:22:22 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.29 08:14:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.29 08:14:33 | 3404,648,448 | -HS- | M] () -- C:\hiberfil.sys [2012.01.28 17:44:52 | 000,001,356 | ---- | M] () -- C:\Users\Peer\AppData\Local\d3d9caps.dat [2012.01.21 17:20:50 | 000,171,018 | ---- | M] () -- C:\Users\Peer\Documents\ts3_clientui-win32-1321432557-2012-01-21 17_20_50.379554.dmp [2012.01.16 15:10:24 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [2012.01.16 13:43:34 | 000,003,304 | ---- | M] () -- C:\Users\Peer\.recently-used.xbel [2012.01.08 13:28:40 | 000,093,412 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2012.01.08 10:15:15 | 000,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2012.01.08 09:40:37 | 000,137,544 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.01.05 13:44:26 | 000,138,056 | ---- | M] () -- C:\Users\Peer\AppData\Roaming\PnkBstrK.sys [2012.01.05 13:28:43 | 003,360,624 | ---- | M] () -- C:\Windows\System32\pbsvc.exe [2012.01.04 17:30:14 | 001,060,864 | ---- | M] () -- C:\Windows\System32\vorbis.dll [2012.01.01 12:06:02 | 000,007,726 | ---- | M] () -- C:\Users\Peer\Untitled.pr0 [2012.01.01 11:59:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SaiK0CCB_01009.Wdf [2012.01.01 11:59:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011.12.31 20:35:41 | 000,297,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.31 08:45:29 | 000,000,023 | ---- | M] () -- C:\Windows\ODBCINST.INI [2011.12.30 11:46:48 | 000,000,447 | ---- | M] () -- C:\user.js ========== Files Created - No Company Name ========== [2012.01.28 17:51:04 | 3404,648,448 | -HS- | C] () -- C:\hiberfil.sys [2012.01.28 17:34:49 | 000,004,359 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2012.01.21 17:20:50 | 
000,171,018 | ---- | C] () -- C:\Users\Peer\Documents\ts3_clientui-win32-1321432557-2012-01-21 17_20_50.379554.dmp [2012.01.17 08:13:34 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.01.16 15:10:12 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2012.01.16 13:43:34 | 000,003,304 | ---- | C] () -- C:\Users\Peer\.recently-used.xbel [2012.01.08 13:28:40 | 000,093,412 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2012.01.04 17:30:12 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2012.01.04 17:28:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\vorbisfile.dll [2012.01.04 17:15:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll [2012.01.04 12:12:50 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr [2012.01.04 12:09:43 | 000,138,056 | ---- | C] () -- C:\Users\Peer\AppData\Roaming\PnkBstrK.sys [2012.01.04 12:09:43 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.01.04 12:09:23 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012.01.04 12:09:22 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012.01.04 12:09:21 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2012.01.01 12:06:02 | 000,007,726 | ---- | C] () -- C:\Users\Peer\Untitled.pr0 [2012.01.01 11:59:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SaiK0CCB_01009.Wdf [2012.01.01 11:59:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012.01.01 11:59:18 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2011.12.31 10:38:48 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll [2011.12.31 08:40:24 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.12.30 11:46:47 | 000,000,447 | ---- | C] () -- C:\user.js [2011.06.22 02:09:37 | 000,018,904 | ---- | C] 
() -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.06.21 11:23:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.06.21 11:23:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.06.17 18:19:53 | 000,001,356 | ---- | C] () -- C:\Users\Peer\AppData\Local\d3d9caps.dat [2011.06.16 02:36:11 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI [2011.06.16 02:36:09 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2011.06.16 02:22:08 | 000,115,440 | ---- | C] () -- C:\Users\Peer\AppData\Roaming\nvModes.001 [2011.06.16 02:22:02 | 000,115,440 | ---- | C] () -- C:\Users\Peer\AppData\Roaming\nvModes.dat [2011.06.15 17:04:34 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2010.09.29 10:34:38 | 000,075,096 | ---- | C] () -- C:\Windows\System32\LADFCoinst_i386.dll [2007.07.28 20:54:24 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.07.28 18:03:11 | 000,000,117 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.07.28 18:02:40 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini [2007.07.28 10:38:36 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.07.28 10:38:36 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.07.28 09:35:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.07.28 09:32:12 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.07.28 09:23:38 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2006.11.02 16:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 
000,297,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2012.01.18 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\Peer\AppData\Roaming\.minecraft [2012.01.22 15:26:34 | 000,000,000 | ---D | M] -- C:\Users\Peer\AppData\Roaming\DAEMON Tools Lite [2012.01.15 18:51:29 | 000,000,000 | ---D | M] -- C:\Users\Peer\AppData\Roaming\gtk-2.0 [2011.07.12 22:38:21 | 000,000,000 | ---D | M] -- C:\Users\Peer\AppData\Roaming\Leadertech [2012.01.08 11:50:09 | 000,000,000 | ---D | M] -- C:\Users\Peer\AppData\Roaming\LolClient [2012.01.14 08:29:16 | 000,000,000 | ---D | M] -- C:\Users\Peer\AppData\Roaming\Media Finder [2012.01.06 15:43:40 | 000,000,000 | ---D | M] -- 
C:\Users\Peer\AppData\Roaming\Mipony [2011.10.23 16:24:17 | 000,000,000 | ---D | M] -- C:\Users\Peer\AppData\Roaming\redsn0w [2012.01.17 08:18:44 | 000,000,000 | ---D | M] -- C:\Users\Peer\AppData\Roaming\TeamViewer [2012.01.08 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\Peer\AppData\Roaming\Teeworlds [2011.08.15 01:00:01 | 000,000,000 | ---D | M] -- C:\Users\Peer\AppData\Roaming\TradingPaints Downloader [2012.01.18 20:10:40 | 000,000,000 | ---D | M] -- C:\Users\Peer\AppData\Roaming\TS3Client [2012.01.28 22:01:13 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.06.15 16:59:11 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.06.15 17:02:50 | 000,000,000 | ---D | M] -- C:\Acer [2011.06.24 10:21:49 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.06.15 16:55:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2007.07.28 18:02:32 | 000,000,000 | ---D | M] -- C:\DRV [2007.07.28 10:44:24 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.06.17 18:33:34 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.06.20 20:20:30 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.01.29 10:06:14 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.29 10:06:20 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.06.15 16:55:00 | 000,000,000 | -HSD | M] -- C:\Programme [2012.01.29 10:49:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.01.28 17:46:37 | 000,000,000 | R--D | M] -- C:\Users [2012.01.28 17:53:12 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-28 09:51:07 < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.01.2012 10:40:55 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Peer\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,17 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 61,37% Memory free 6,01 Gb Paging File | 4,81 Gb Available in Paging File | 79,92% Paging File free Paging file location(s): c:\pagefile.sys 3000 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 49,59 Gb Total Space | 5,02 Gb Free Space | 10,13% Space Free | Partition Type: NTFS Drive D: | 136,72 Gb Total Space | 123,08 Gb Free Space | 90,03% Space Free | Partition Type: NTFS Computer Name: PEER-PC | User Name: Peer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1A0A173B-64D8-495B-8DA3-483872894D17}" = lport=445 | protocol=6 | dir=in | app=system | "{1A15A981-FAFC-4A58-98C9-D4EB8F8C3334}" = lport=137 | protocol=17 | dir=in | app=system | "{33D11AE1-9877-4F2E-8043-92BED8B133E9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | "{3A2B5D4A-3172-45CB-ACCC-28846F66914B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4A74541C-85CB-44EB-8AE5-A165C98914C1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4E9EA4EF-6200-4AAB-97BB-81B82BAC3D76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{549704E2-37C3-4C89-8837-B63435DA17BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{549ACE26-9341-4E92-A513-7B47EB64B10A}" = rport=445 | protocol=6 | dir=out | app=system | "{60E612BE-2B4F-445D-9781-B2C65AE71985}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6B984651-79CC-498C-8159-F571A9C1412D}" = lport=10243 | protocol=6 | dir=in | app=system | "{7895AF1B-1951-46D8-982C-C9140BEABC63}" = rport=138 | protocol=17 | dir=out | app=system | "{7C19C408-A651-4124-8750-DE7CF64006E8}" = rport=10243 | protocol=6 | dir=out | app=system | "{7D0701B1-EB99-4FBC-B1A5-1945ECDBFE94}" = rport=137 | protocol=17 | dir=out | 
app=system | "{B1604F3E-5103-47E2-8CC6-7EECCD2A921E}" = lport=2869 | protocol=6 | dir=in | app=system | "{B6537E1D-82AC-4951-AA20-63013E09E33E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | "{B7F6F282-D344-4672-B9A3-AB2C980AB7A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BBA4402F-4B1C-4EDB-98F0-21CF07ACF289}" = lport=138 | protocol=17 | dir=in | app=system | "{C3D8AF98-6529-4BCF-A0C1-FEC185B2CB42}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | "{C4166CA3-2132-4FBF-95F2-606BC09CD257}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C9432B9B-F14F-4197-AABB-DFF65B9AE727}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | "{D1D45FC8-A41F-4076-91A8-59CADE731E9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DD9487B1-E75C-4473-B7BB-D13BFBE0F7D4}" = lport=139 | protocol=6 | dir=in | app=system | "{F045C07C-B3FE-4935-9BC1-9F496FDFEEC6}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{017AEE9B-AC2E-44B3-891C-A8E424785DD9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{090011A6-71CC-492D-BE2E-2C42EA023A7A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{0CC1D225-C13C-479B-88F1-E2343C319E4D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{18E0B393-72B0-4BE3-B0B6-656BF0426E49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1D482BB8-E256-466C-9605-40D637D1C543}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{24EDA5BC-597A-4DA9-B2CE-3C7CD40F18CF}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{2722E01B-594F-4B96-BD07-027C25EFA3E5}" = protocol=6 | dir=out | app=system | "{2E93ADE2-8A03-4534-AD68-936329D87A7E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{302D4999-1089-420E-BF57-C80604743C52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3EA999DF-3BA9-498C-8E9A-B253CE0FDE35}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{443FD6FC-DF16-48F8-87D9-1559431AB8B3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4603B33C-734A-4AF3-A9C2-D8184D7E9A21}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{523A47AE-CF2F-4A32-867C-369E6C1B2D9F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{558FB5FA-02C6-4A8A-BFF3-98065DDEA338}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{563F8EA8-6CD1-4084-82D4-F72F94EBEC67}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{5C019591-ED2F-41F7-BF62-7239569CFB25}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{66248A60-2970-4323-9137-1804AC5533CF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{684748A8-6F53-4C8A-B75E-1AE74B89A970}" = protocol=6 | dir=in | app=d:\ca\combat arms eu\nmservice.exe | "{74CB0872-F97E-4B14-8EF8-2BF2DA12A70A}" = protocol=17 | dir=in | app=d:\ca\combat arms eu\nmservice.exe | "{79225452-7B3A-41A8-9323-C3D24EC78988}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{93275321-2F77-427C-B1F9-5E88EE749FA0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{976FF901-C247-4957-83E3-1EAD4E2D32C6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{98091484-F6B9-4973-916F-DC01E0478B9D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{9813433C-19D2-4C2B-A1CB-ED550897727A}" = protocol=6 | dir=in | app=c:\program 
files\microsoft office\office12\onenote.exe | "{A25F33D7-0E1E-40CF-8667-9BD36CC61CE2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{A37449C0-F8F1-45D2-B10E-4FB827D656A1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{AB86A3E5-548C-402D-A83C-662C99D7DBDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C260D48E-41E7-4AFB-9A69-C872652DF6E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C8EE00CE-7B28-452D-84AC-6CD0ACBF9D18}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | "{CEB497A2-EF47-4E19-8AB6-C51AC926B2BA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D0673F6D-44F4-4055-961E-DEBA38675F88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D2DC48C8-6FF0-42F7-8481-09D9E9A178C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D3BEA8A1-C36D-4878-A87D-384170418DF8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{D5776E2E-DF5B-40A2-95CE-533559A1D9A8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{D78C06F8-BF68-4BFE-BA68-C618202CA822}" = protocol=6 | dir=in | app=d:\ca\combat arms eu\nmservice.exe | "{DC650B03-3780-43C8-99CF-C9CFABEB3890}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DF4B6B76-1A87-408C-81E7-C21742916A1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E23DD168-50E2-4056-B3BA-8F342A5E7C70}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{E79FFF19-EF3F-4068-BDF4-2A732E90D0BD}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{EA7D4168-D164-43A7-B1C1-035B1396267F}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{EFC6036C-6D78-4472-A1CE-43B3978D5C90}" = protocol=58 | dir=in | 
name=@firewallapi.dll,-28545 | "{F01B9E43-8D57-4BE4-8A80-A07BBA9708A6}" = protocol=17 | dir=in | app=d:\ca\combat arms eu\nmservice.exe | "{F3E30D2E-038A-4831-9187-F05F705728AF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{F5B1D63E-DEE8-40BF-BD4C-DCC0EF80FF9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F7884ED9-5378-4EB2-8407-E1985B4FF8FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{3711449A-D7B6-430C-9C21-0C3A638D8325}D:\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "TCP Query User{3CD7F8FD-D69B-4346-B15C-132D51FEEE9E}D:\metin2\metin2\metin2.exe" = protocol=6 | dir=in | app=d:\metin2\metin2\metin2.exe | "TCP Query User{4AB61A84-318B-40A1-B30D-DE6C4AB87B14}D:\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "TCP Query User{90B79F14-E316-4EF1-92A3-3A492BF2BA1D}D:\metin2\metin2\metin2client.bin" = protocol=6 | dir=in | app=d:\metin2\metin2\metin2client.bin | "TCP Query User{A6ED34BF-6253-430F-BCD6-2AE3DA48F73F}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{D0BD8B36-091A-4F08-A54F-4A1E7239B70F}C:\users\peer\appdata\local\temp\rar$ex23.848\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\peer\appdata\local\temp\rar$ex23.848\iw4mp.exe | "TCP Query User{D1C05C8E-97A2-449E-AA91-80954CD62F7D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{F9314F79-0DF4-4126-B47C-C50CFD4DB719}D:\metin2\metin2\metin2.exe" = protocol=6 | dir=in | app=d:\metin2\metin2\metin2.exe | "UDP Query User{082F224C-BC0C-47C8-8DC6-291EE1987901}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query 
User{3134FB33-4C00-4372-A9A0-481212F336B7}D:\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "UDP Query User{4770D92F-CDC8-4753-8287-165634B56F70}D:\metin2\metin2\metin2.exe" = protocol=17 | dir=in | app=d:\metin2\metin2\metin2.exe | "UDP Query User{5F2A99E8-BFBB-49BA-BFC2-E92AC0F540A2}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{5F564212-72C2-416A-9BB2-ECA27576BAA5}C:\users\peer\appdata\local\temp\rar$ex23.848\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\peer\appdata\local\temp\rar$ex23.848\iw4mp.exe | "UDP Query User{63F74E08-9A8A-41CF-BDE8-A3DE35804101}D:\metin2\metin2\metin2.exe" = protocol=17 | dir=in | app=d:\metin2\metin2\metin2.exe | "UDP Query User{A9664D2F-F5C7-49D2-A65E-28DF0BDAC4C0}D:\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "UDP Query User{CF955FD1-CB88-40DE-B576-65FDDBDCD65A}D:\metin2\metin2\metin2client.bin" = protocol=17 | dir=in | app=d:\metin2\metin2\metin2client.bin | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 
Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye webcam "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91AF98A4-10D2-48E1-87D0-051423D93632}" = Smart Technology Programming Software 7.0.12.11 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72 "{C58F5758-AE8C-4A2B-A80F-FF495700991A}" = TradingPaints Downloader "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 13.0.800.1 "{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}" = iRacing.com Race Simulation "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye webcam "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! 
Free Antivirus "Cheat Engine 6.1_is1" = Cheat Engine 6.1 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "incredibar" = Incredibar Toolbar on IE and Chrome "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "LogMeIn Hamachi" = LogMeIn Hamachi "Metin2_is1" = Metin2 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "NVIDIA Drivers" = NVIDIA Drivers "PremiumSoft Navicat Premium 8.2_is1" = PremiumSoft Navicat Premium 8.2 "PunkBusterSvc" = PunkBuster Services "Security Task Manager" = Security Task Manager 1.8d "SpeedFan" = SpeedFan (remove only) "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "VLC media player" = VLC media player 1.1.10 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.01.2012 11:55:26 | Computer Name = Peer-PC | Source = Application Hang | ID = 1002 Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 594 Anfangszeit: 01ccdaaefe38fb33 Zeitpunkt der Beendigung: 5494 Error - 24.01.2012 13:03:08 | Computer Name = Peer-PC | Source = Application Hang | ID = 1002 Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1620 Anfangszeit: 01ccdab57a2ea093 Zeitpunkt der Beendigung: 3199 Error - 24.01.2012 13:20:37 | Computer Name = Peer-PC | Source = Application Hang | ID = 1002 Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: c6c Anfangszeit: 01ccdaba129d0253 Zeitpunkt der Beendigung: 380 Error - 25.01.2012 07:54:34 | Computer Name = Peer-PC | Source = Application Hang | ID = 1002 Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 13b8 Anfangszeit: 01ccdb5606ef715b Zeitpunkt der Beendigung: 2791 Error - 25.01.2012 08:40:27 | Computer Name = Peer-PC | Source = Application Hang | ID = 1002 Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 14d8 Anfangszeit: 01ccdb5e41f861fb Zeitpunkt der Beendigung: 292 Error - 25.01.2012 08:43:23 | Computer Name = Peer-PC | Source = Application Hang | ID = 1002 Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 10a8 Anfangszeit: 01ccdb5e90c347fb Zeitpunkt der Beendigung: 41549 Error - 25.01.2012 08:46:10 | Computer Name = Peer-PC | Source = Application Hang | ID = 1002 Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 61c Anfangszeit: 01ccdb5f2ed8561b Zeitpunkt der Beendigung: 457 Error - 25.01.2012 09:05:13 | Computer Name = Peer-PC | Source = Application Hang | ID = 1002 Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 161c Anfangszeit: 01ccdb5f896a862b Zeitpunkt der Beendigung: 601 Error - 25.01.2012 09:16:48 | Computer Name = Peer-PC | Source = Application Hang | ID = 1002 Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 1768 Anfangszeit: 01ccdb62069796eb Zeitpunkt der Beendigung: 1128 Error - 25.01.2012 09:18:23 | Computer Name = Peer-PC | Source = Application Hang | ID = 1002 Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 17d8 Anfangszeit: 01ccdb63a9be240b Zeitpunkt der Beendigung: 1274 [ System Events ] Error - 28.01.2012 14:33:16 | Computer Name = Peer-PC | Source = bowser | ID = 8003 Description = Error - 29.01.2012 03:14:20 | Computer Name = Peer-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 29.01.2012 03:14:31 | Computer Name = Peer-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. 
Error - 29.01.2012 03:16:30 | Computer Name = Peer-PC | Source = Service Control Manager | ID = 7000 Description = Error - 29.01.2012 03:16:30 | Computer Name = Peer-PC | Source = Service Control Manager | ID = 7000 Description = Error - 29.01.2012 03:17:46 | Computer Name = Peer-PC | Source = Service Control Manager | ID = 7031 Description = Error - 29.01.2012 03:18:03 | Computer Name = Peer-PC | Source = Service Control Manager | ID = 7034 Description = Error - 29.01.2012 03:18:35 | Computer Name = Peer-PC | Source = Service Control Manager | ID = 7031 Description = Error - 29.01.2012 03:18:46 | Computer Name = Peer-PC | Source = Service Control Manager | ID = 7034 Description = Error - 29.01.2012 05:19:36 | Computer Name = Peer-PC | Source = Service Control Manager | ID = 7034 Description = < End of report > |
29.01.2012, 20:09 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | CPU usage unusually high - very often up to 100% Please now run a routine full scan with Malwarebytes and post the log.
Keep in mind that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Where possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the result then looks like this: Code:
ATTFilter the log goes here
__________________ |