Pests of all kinds and how to fight them: PC load extremely high for the past few days. Windows 7
08.02.2012, 20:20 | #1 |
| PC load extremely high for the past few days. Hello Troja Board, for a few days now my PC has had strangely high CPU load. I haven't really installed anything new, but it still jumps from 17% to 80%+. What could be causing this? |
09.02.2012, 16:32 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Maybe you could post which process is generating the load?!
__________________ |
11.02.2012, 00:34 | #3 |
| Mostly it's svchost or whatever it's called, sorry, I forgot the name. It somehow eats up the most. What could I post so that you have more info? :S |
12.02.2012, 12:49 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe is a generic "wrapper process", so the cause can be any number of things. Please now run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ Please always post log files in CODE tags |
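To narrow down what post #4 calls a generic wrapper process, the following PowerShell script samples CPU time per svchost.exe instance and lists the services each instance hosts. It is an added example, not part of the thread; it assumes PowerShell 3.0 or later and an elevated prompt, and the parameter names `SampleSeconds` and `Top` are chosen here for illustration.

```powershell
# Added example: attribute CPU load to the services hosted by each svchost.exe.
# Assumptions: PowerShell 3.0+, elevated prompt; sample length and cutoff are illustrative.
param(
    [int]$SampleSeconds = 5,   # length of the CPU sampling window
    [int]$Top = 5              # how many svchost.exe instances to report
)

function Get-SvchostCpuSnapshot {
    # Map PID -> cumulative CPU seconds for every svchost.exe instance.
    $snapshot = @{}
    foreach ($p in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
        # .CPU is $null when the process cannot be opened (prompt not elevated).
        if ($null -ne $p.CPU) { $snapshot[$p.Id] = $p.CPU }
    }
    return $snapshot
}

# Two snapshots; the difference is the CPU time consumed during the window.
$before = Get-SvchostCpuSnapshot
Start-Sleep -Seconds $SampleSeconds
$after  = Get-SvchostCpuSnapshot
$cores  = [Environment]::ProcessorCount

# Group running services by the PID of the process that hosts them.
$servicesByPid = @{}
Get-CimInstance Win32_Service -Filter "ProcessId <> 0" | ForEach-Object {
    $id = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($id)) { $servicesByPid[$id] = @() }
    $servicesByPid[$id] += $_.Name
}

# The Windows svchost.exe lives only in these two directories.
$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

$report = foreach ($proc in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    $id = [int]$proc.ProcessId
    # Skip instances that started or exited during the sampling window.
    if (-not ($before.ContainsKey($id) -and $after.ContainsKey($id))) { continue }

    # Percentage of total CPU capacity (all cores) used during the window.
    $cpuPct = 100 * ($after[$id] - $before[$id]) / ($SampleSeconds * $cores)

    # A svchost.exe image outside the system directories is a masquerading indicator.
    $pathState = if (-not $proc.ExecutablePath) {
        'unknown (run elevated)'
    } elseif ($expectedDirs -contains (Split-Path $proc.ExecutablePath -Parent)) {
        'ok'
    } else {
        'UNEXPECTED'
    }

    [pscustomobject]@{
        PID         = $id
        CpuPercent  = [math]::Round($cpuPct, 1)
        Services    = ($servicesByPid[$id] -join ', ')
        CommandLine = $proc.CommandLine      # shows the -k service group
        Path        = $pathState
    }
}

$report | Sort-Object CpuPercent -Descending | Select-Object -First $Top | Format-List
```

The instance with the highest `CpuPercent` names the hosted services worth looking at first; a `Path` value other than `ok` means the binary is not the one shipped with Windows.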
18.02.2012, 21:36 | #5 |
| ESET test: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=142d8207e0017145bdaa2d8822ccb464
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-18 07:33:42
# local_time=2012-02-18 08:33:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 859475 859475 0 0
# compatibility_mode=5893 16776573 100 94 164069 81988250 0 0
# compatibility_mode=8192 67108863 100 0 3806 3806 0 0
# scanned=258344
# found=2
# cleaned=2
# scan_time=11063
C:\Users\Konstantin\Downloads\SoftonicDownloader_fuer_ideas.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Konstantin\Downloads\SoftonicDownloader_fuer_paragon-partition-manager.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.02.18.07
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Konstantin :: KONSTANTINS-PC [Administrator]
Schutz: Aktiviert
18.02.2012 21:31:00
mbam-log-2012-02-18 (21-31-00).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 189499
Laufzeit: 3 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
I hope that helps. |
19.02.2012, 19:08 | #6 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as the top priority, directly from the vendor and not from toolbar outfits like Softonic! In an emergency, chip.de would of course do. Quote:
Remember to update the Malwarebytes signatures beforehand; there are new updates very frequently!
__________________ |
19.02.2012, 21:16 | #7 |
| Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.02.19.02
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Konstantin :: KONSTANTINS-PC [Administrator]
Schutz: Aktiviert
19.02.2012 19:31:34
mbam-log-2012-02-19 (19-31-34).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423756
Laufzeit: 1 Stunde(n), 29 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |
19.02.2012, 21:30 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | CustomScan with OTL. If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
20.02.2012, 21:29 | #9 |
| Code:
ATTFilter OTL logfile created on: 20.02.2012 21:12:50 - Run 1 OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Konstantin\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,89% Memory free 8,00 Gb Paging File | 6,31 Gb Available in Paging File | 78,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 780,63 Gb Total Space | 611,10 Gb Free Space | 78,28% Space Free | Partition Type: NTFS Computer Name: KONSTANTINS-PC | User Name: Konstantin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.19 23:07:25 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Konstantin\Desktop\OTL.exe PRC - [2012.02.19 14:45:24 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.10.15 12:23:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.10.11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2011.10.11 15:05:46 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.09.30 14:16:06 | 002,155,848 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.12.17 13:22:06 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.12.28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [Disabled | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007.04.29 22:55:08 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcgcoms.exe -- (lxcg_device) SRV - [2012.02.19 14:45:24 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.02.14 11:10:48 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.01.24 13:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.10.15 12:23:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.10.11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.10.11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.01.15 03:20:04 | 000,415,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher) SRV - [2010.09.30 14:16:06 | 002,155,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.04.29 22:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcgcoms.exe -- (lxcg_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.02.19 14:45:31 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.01.24 13:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2011.12.17 13:27:34 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.12.17 13:27:10 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.12.17 13:26:43 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.10.11 15:06:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.11 15:06:11 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.09.23 12:25:54 | 000,272,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011.07.19 12:08:18 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011.06.18 06:09:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.04.18 11:11:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.04.27 03:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.04.27 03:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.04.27 03:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.04.27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.04.27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:64bit: - [2010.04.27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:64bit: - [2009.11.18 11:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.02.17 17:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb) DRV:64bit: - [2008.02.12 02:59:18 | 000,297,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm) DRV:64bit: - [2008.02.05 00:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV:64bit: - [2006.12.05 10:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207) DRV - [2011.03.18 17:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.01.18 22:37:32 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\raspppoe.sys -- (RasPppoe) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B EC 87 01 12 29 CC 01 [binary data] IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Konstantin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.22 14:04:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.22 14:04:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.17 17:44:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 
10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.24 05:25:10 | 000,000,000 | ---D | M] [2012.02.03 01:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konstantin\AppData\Roaming\mozilla\Extensions [2012.02.03 01:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konstantin\AppData\Roaming\mozilla\Firefox\Profiles\pwhdhrhp.default\extensions [2012.02.19 12:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\KONSTANTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PWHDHRHP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.02.17 17:44:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.03 01:25:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.06.14 11:45:57 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3:64bit: - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [LXCGCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCGtime.DLL () O4:64bit: - HKLM..\Run: [lxcgmon.exe] C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.) O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8128EBD5-C04D-4BBB-B6F5-68BC5CCFA2BA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.23 13:20:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{352eb94a-9998-11e0-b325-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{352eb94a-9998-11e0-b325-00ff01000001}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{4bc1d62b-e104-11e0-a047-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{4bc1d62b-e104-11e0-a047-00ff01000001}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Konstantin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: Dyyno Launcher - hkey= - key= - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe () MsConfig:64bit - StartUpReg: ESL Wire - hkey= - key= - C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) MsConfig:64bit - StartUpReg: EzPrint - hkey= - key= - C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA 
Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: 
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP 
Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media 
Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface 
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.XVID - xvidvfw.dll File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.20 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{33C682A8-9889-48AB-A9A8-C42473067584} [2012.02.20 09:41:09 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{4F5380D2-367A-47F7-B7A1-314925F777FA} [2012.02.19 23:07:20 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Konstantin\Desktop\OTL.exe [2012.02.19 13:41:39 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\Microsoft Games [2012.02.19 12:45:15 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Roaming\Avira [2012.02.19 12:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.02.19 12:44:42 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.02.19 12:44:42 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.02.19 12:44:42 | 
000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.02.19 12:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.02.19 12:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.02.19 12:33:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.02.19 10:58:12 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{DF858A04-6C73-4970-9929-0C6952DA2D64} [2012.02.19 10:57:31 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{66C1CF10-F600-4895-AF2F-AD8CF1B58340} [2012.02.18 18:57:24 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.02.18 17:59:45 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Roaming\Malwarebytes [2012.02.18 17:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.18 17:59:36 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.02.18 17:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.18 17:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.02.18 17:57:43 | 004,763,456 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Konstantin\Desktop\procexp.exe [2012.02.18 17:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.02.18 17:24:46 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Konstantin\Desktop\esetsmartinstaller_enu.exe [2012.02.18 10:34:34 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{155150D8-CAEC-4A30-BD89-10CD152E514E} [2012.02.18 10:34:17 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{844AA980-DDA8-4AAC-9610-9709A7C7B6E8} [2012.02.17 11:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.02.17 11:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.02.17 11:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.02.17 11:29:10 | 
000,000,000 | ---D | C] -- C:\AMD [2012.02.17 11:18:53 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{EF2E4D7D-EAC2-4EB3-B822-566E22C34021} [2012.02.17 11:18:37 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{99F9771C-16A9-4775-9139-B1155C48AF18} [2012.02.16 20:54:06 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{76336C92-9548-41B7-9D57-B9176CEBE552} [2012.02.16 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{46BA236F-3FAA-4F9F-9EC2-FB06B99CE566} [2012.02.16 07:02:10 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{83279375-F674-4C3D-9B15-C4707F09D4CF} [2012.02.16 07:01:54 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{529FEA91-A64F-45B2-8898-8C46A06482F0} [2012.02.15 07:25:07 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{70FFD563-16E4-4E1D-81BC-FD5F53E22F86} [2012.02.15 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{AC63696B-3A61-4807-9ADF-8234C2BA0B38} [2012.02.14 04:29:24 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{ACBC54CF-69E0-4BC5-A6E0-0619389BA4C4} [2012.02.14 04:29:06 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{9C1BE537-7FCA-4321-BF09-53D85D355CB4} [2012.02.13 10:35:35 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{419463FE-B906-4A8A-9422-6F5EF0B668EA} [2012.02.13 10:35:16 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D2E9D427-AE57-4E69-987E-B8AB437B19D5} [2012.02.12 09:29:31 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{5FD75202-D5DB-4A16-A828-A1A6EB2947AA} [2012.02.12 09:29:15 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{639433D0-8F06-4031-BF6C-95F36D7027E4} [2012.02.11 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{AF2880C5-9E96-409D-AEC0-CE1ECD23140A} [2012.02.11 15:30:08 | 000,000,000 | ---D | C] -- 
C:\Users\Konstantin\AppData\Local\{03A5E2D7-7CF7-4CBD-B133-5973D2A4495D} [2012.02.11 03:29:39 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B2C45660-0B30-45C3-A0B8-5B0F578292D1} [2012.02.11 03:29:26 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B8CFEC15-E4FE-49EC-A1C6-E1E49DD212F4} [2012.02.10 12:08:59 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{DA050DC5-DE34-45FA-A7F0-FBCEEF0D078A} [2012.02.10 12:08:42 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{43753DDC-700D-440D-811D-542E045EB3F9} [2012.02.09 09:50:32 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{72022ADE-5C99-4A72-9013-D184B087631C} [2012.02.09 09:50:15 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D066A34D-3648-40F7-9EB7-1D46AB10204E} [2012.02.08 20:49:36 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{77ED8C20-4ACA-4274-8FFB-C4C1EB6C432E} [2012.02.08 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B36B9C78-0F99-4C57-B741-3CBE61969A99} [2012.02.08 19:36:01 | 001,075,528 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Konstantin\Desktop\procexp64.exe [2012.02.08 08:48:50 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D06886AC-24D2-48D6-860F-69541EECA156} [2012.02.08 08:48:33 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D03400A8-1779-4C89-BA06-62E524155FE7} [2012.02.07 11:24:13 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{EF80E3D9-CF12-4C9D-AB8A-9392000DDA0F} [2012.02.07 11:23:58 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D3760354-BA16-4083-B046-E05ADF80ED3A} [2012.02.06 10:18:29 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{70AB0ED5-48BB-49FD-9E99-CC6ECF956BFD} [2012.02.06 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{99EE05FE-D76B-40CB-A9D0-849CF8F06B76} [2012.02.05 15:47:43 | 000,000,000 | ---D | C] -- 
C:\Users\Konstantin\Documents\ICQ [2012.02.05 09:14:49 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{AB82F8E1-4AF2-4A8D-9317-4CAD0D6E21F2} [2012.02.05 09:14:26 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{80F3667C-499E-4DDD-929C-20FD643C43D8} [2012.02.04 18:12:59 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape [2012.02.04 18:12:51 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\jagexcache [2012.02.04 11:11:49 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B71FD386-E305-48DB-9A4E-EB40FF0AF5BD} [2012.02.04 11:11:28 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{637D989C-0FBD-407A-B043-FD6C4DFAACEB} [2012.02.03 12:07:55 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{5343FC9C-B615-45A3-998A-1122942420CD} [2012.02.03 12:06:51 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B7923CAC-D175-4B20-BBDF-9B1532C07103} [2012.02.03 01:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.02.03 01:13:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.02.03 01:12:26 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Roaming\Mozilla [2012.02.02 12:45:27 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{4FD8C202-7552-465B-BD91-5F8C109645EA} [2012.02.02 12:45:11 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{9F2D19E1-D11A-4AE8-AAD2-31D2B8FE661E} [2012.02.01 08:16:42 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B1AA55C0-BC07-4F7E-9FE6-76E4B4B51452} [2012.02.01 08:16:16 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{7B051D50-1C18-4D89-8D3F-4F63C5CA2499} [2012.01.31 09:21:14 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{2417A506-872D-4FC3-86FA-1C82E173F867} [2012.01.31 09:20:55 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{DD1A6D38-2A9C-4316-B4DB-CEBF78C9B366} [2012.01.30 11:31:13 | 
000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D5F15E5C-C5B7-4E25-9998-4112E832FD5C} [2012.01.30 11:31:00 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{35AF465B-7256-4D17-BDEF-6BAEE267DD2F} [2012.01.29 23:30:32 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{EEC6DCC6-0EF5-40BF-86CD-19308D89B0CB} [2012.01.29 23:30:20 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{DEDDF53A-037C-45EC-81E1-470ED11860F1} [2012.01.29 11:29:41 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{1359295B-5CE1-4D59-87F7-B0F991CDE506} [2012.01.29 11:29:08 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{9D344C1E-CFCE-4B72-ABF8-5B21C1A3D517} [2012.01.28 10:23:29 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{2C501E7F-A295-438D-B1B3-6EFB8C91F095} [2012.01.28 10:23:17 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{00DDFA00-0ED5-41A7-9C0F-55B18E100F82} [2012.01.27 22:22:47 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B576DF12-94C6-484C-A8B7-76B31F45BE79} [2012.01.27 22:22:33 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{ADD0EB5F-6AEE-4E49-88AF-04387AAE1320} [2012.01.27 20:29:11 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\Documents\Outlook-Dateien [2012.01.27 07:18:13 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{471A6C58-5AAC-4537-84A5-C119BB839552} [2012.01.27 07:18:00 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{E56CE5FF-5689-4321-9879-607DDCD28727} [2012.01.26 10:58:32 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{F6295647-5C85-494B-9B39-A10FF366F72D} [2012.01.26 10:58:17 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{554A8280-F75C-444E-9214-C8A1517D3232} [2012.01.25 09:48:52 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{E344BD82-1BB6-4C6A-AE3D-75557D529316} [2012.01.25 09:48:20 | 000,000,000 | ---D | C] -- 
C:\Users\Konstantin\AppData\Local\{65F2BAE4-268B-422A-967D-28337BADDE4A} [2012.01.24 10:00:47 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{843B86DF-B9FF-497E-8809-5C97AD617705} [2012.01.24 10:00:22 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{FCF61FB6-4914-459E-947A-3D721DF41FE9} [2012.01.23 19:47:26 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{47CA6ACD-C286-408D-9BB0-6FAC70D09E18} [2012.01.23 19:47:13 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{43CB5D28-0D57-41A1-BF53-DF5DE8C9110C} [2012.01.23 07:46:39 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{1606BA7E-90F4-4548-9420-7741193C19A2} [2012.01.23 07:46:22 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{73C2777D-B362-4A21-8E29-96248FF78D2F} [2012.01.22 23:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2012.01.22 23:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.01.22 23:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012.01.22 23:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2012.01.22 23:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework [2012.01.22 23:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2012.01.22 23:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2012.01.22 23:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2012.01.22 23:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2012.01.22 22:59:22 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\Microsoft Help [2012.01.22 22:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012.01.22 22:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 
[2012.01.22 22:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.01.22 22:58:40 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.01.22 11:09:03 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{CE9D1316-7A84-4333-99E7-1B9D01412E92} [2012.01.22 11:08:50 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{1B295E41-DF8B-409C-A0AD-8633DB7C31CD} [2012.01.21 23:08:15 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{94C7A359-0D3D-446C-9B21-6493D9BF7C95} [2012.01.21 23:07:48 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D6D97A1E-6FE2-4666-AD4B-F8608EF87856} [2012.01.17 19:43:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll [2012.01.17 19:43:06 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll [2012.01.17 19:43:05 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll [2012.01.17 19:43:05 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll [2012.01.17 19:43:05 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll [2012.01.17 19:43:05 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll [2012.01.17 19:43:05 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll [2012.01.17 19:43:05 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll [2012.01.17 19:43:05 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe [2012.01.17 19:43:05 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll [2012.01.17 19:43:05 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgih.exe [2012.01.17 19:43:05 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcfg.exe [2012.01.17 19:43:05 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgppls.exe [2012.01.17 19:43:05 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll [2012.01.17 19:43:05 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll [2012.01.17 19:22:22 | 000,305,664 | ---- | C] ( ) -- 
C:\Windows\SysWow64\lxcghcp.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.20 21:08:23 | 000,000,032 | ---- | M] () -- C:\Users\Konstantin\jagex_cl_runescape_LIVE.dat [2012.02.20 10:47:20 | 000,020,467 | ---- | M] () -- C:\Users\Konstantin\Desktop\823530519054e1683f5f9d6c06b23986f15a8292441d98b5625130ffd430dcbe6a44b995.jpg [2012.02.20 10:25:20 | 000,612,577 | ---- | M] () -- C:\Users\Konstantin\Desktop\Foto0176.jpg2.jpg [2012.02.20 10:20:34 | 000,723,019 | ---- | M] () -- C:\Users\Konstantin\Desktop\Foto0176.jpg [2012.02.20 10:20:28 | 000,637,923 | ---- | M] () -- C:\Users\Konstantin\Desktop\Foto0177.jpg [2012.02.20 10:17:45 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.20 10:17:45 | 000,666,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.20 10:17:45 | 000,625,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.20 10:17:45 | 000,135,280 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.20 10:17:45 | 000,110,890 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.20 09:47:17 | 000,019,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.20 09:47:17 | 000,019,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.20 09:39:55 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job [2012.02.20 09:39:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.20 09:39:42 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys [2012.02.19 23:07:25 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Konstantin\Desktop\OTL.exe [2012.02.19 14:45:31 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.02.19 12:44:59 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk 
[2012.02.19 12:19:53 | 081,313,744 | ---- | M] () -- C:\Users\Konstantin\Desktop\avira_antivirus_premium_de.exe [2012.02.18 17:59:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.18 17:38:36 | 000,000,024 | ---- | M] () -- C:\Users\Konstantin\jagexappletviewer.preferences [2012.02.18 17:26:03 | 026,304,337 | ---- | M] () -- C:\Users\Konstantin\Desktop\avira_free_antivirus_898de.exe [2012.02.18 17:24:54 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Konstantin\Desktop\esetsmartinstaller_enu.exe [2012.02.17 23:13:55 | 000,020,821 | ---- | M] () -- C:\Users\Konstantin\Desktop\I hate Travian.odt [2012.02.16 20:57:42 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2012.02.15 08:36:14 | 000,000,050 | ---- | M] () -- C:\Users\Konstantin\jagex_cl_runescape_LIVE1.dat [2012.02.08 20:15:25 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.02.08 19:39:28 | 541,215,670 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.02.08 19:36:01 | 001,075,528 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Konstantin\Desktop\procexp64.exe [2012.02.04 18:12:59 | 000,002,092 | ---- | M] () -- C:\Users\Konstantin\Desktop\RuneScape.lnk [2012.02.03 01:12:17 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.03 00:54:17 | 000,007,598 | ---- | M] () -- C:\Users\Konstantin\AppData\Local\Resmon.ResmonCfg [2012.01.24 13:50:46 | 000,168,864 | ---- | M] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2012.01.24 13:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2012.01.23 07:45:07 | 000,514,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.20 10:47:20 | 000,020,467 | ---- | C] () -- C:\Users\Konstantin\Desktop\823530519054e1683f5f9d6c06b23986f15a8292441d98b5625130ffd430dcbe6a44b995.jpg 
[2012.02.20 10:25:20 | 000,612,577 | ---- | C] () -- C:\Users\Konstantin\Desktop\Foto0176.jpg2.jpg [2012.02.20 10:17:59 | 000,723,019 | ---- | C] () -- C:\Users\Konstantin\Desktop\Foto0176.jpg [2012.02.20 10:17:59 | 000,637,923 | ---- | C] () -- C:\Users\Konstantin\Desktop\Foto0177.jpg [2012.02.19 12:44:59 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.02.19 12:15:46 | 081,313,744 | ---- | C] () -- C:\Users\Konstantin\Desktop\avira_antivirus_premium_de.exe [2012.02.18 17:59:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.18 17:57:43 | 000,072,268 | ---- | C] () -- C:\Users\Konstantin\Desktop\procexp.chm [2012.02.18 17:24:50 | 026,304,337 | ---- | C] () -- C:\Users\Konstantin\Desktop\avira_free_antivirus_898de.exe [2012.02.04 18:13:25 | 000,000,024 | ---- | C] () -- C:\Users\Konstantin\jagexappletviewer.preferences [2012.02.04 18:12:59 | 000,002,122 | ---- | C] () -- C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk [2012.02.04 18:12:59 | 000,002,092 | ---- | C] () -- C:\Users\Konstantin\Desktop\RuneScape.lnk [2012.02.03 01:12:17 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.03 01:12:16 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.01.29 21:23:42 | 000,004,334 | ---- | C] () -- C:\Users\Konstantin\Desktop\config.cfg [2012.01.17 19:43:06 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll [2012.01.17 19:43:06 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll [2011.12.17 13:26:54 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.12.17 13:24:31 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.12.17 13:22:18 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.12.17 05:25:13 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.12.17 
05:25:13 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2011.12.17 05:25:13 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.10.15 12:23:51 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.15 12:23:49 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.05 18:02:28 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.08.05 11:09:32 | 000,007,598 | ---- | C] () -- C:\Users\Konstantin\AppData\Local\Resmon.ResmonCfg [2011.07.12 19:08:35 | 000,000,098 | ---- | C] () -- C:\Users\Konstantin\AppData\Local\fusioncache.dat [2011.07.12 19:05:50 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.05 14:21:23 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.06.18 12:30:16 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011.06.18 12:30:16 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011.06.18 12:30:16 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011.06.18 12:25:55 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== LOP Check ========== [2011.09.15 05:55:14 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\BitComet [2011.10.04 17:06:21 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\bizarre creations [2011.12.26 18:40:10 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\concept design [2011.06.17 18:11:28 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\DAEMON Tools Lite [2011.06.18 12:22:15 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\DAEMON Tools Pro [2011.09.04 22:22:02 | 000,000,000 | ---D | M] -- 
C:\Users\Konstantin\AppData\Roaming\Dyyno [2011.06.10 13:33:51 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\FileZilla [2012.02.18 15:26:28 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\ICQ [2011.06.14 14:41:30 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\JonDo [2011.12.24 17:48:58 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\MAGIX [2011.07.12 23:58:39 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\OpenOffice.org [2011.05.17 17:07:06 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Publish Providers [2011.09.01 17:15:08 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\RenPy [2011.05.23 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Samsung [2011.07.04 18:19:59 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Sierra [2011.07.04 18:30:31 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Sierra Entertainment [2011.05.17 17:07:04 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Sony [2011.09.23 20:08:55 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\TeamViewer [2012.01.05 16:48:09 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\TS3Client [2011.06.23 14:21:36 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Unity [2011.07.08 00:34:37 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\WinBatch [2011.10.04 17:34:19 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Windows Live Writer [2012.02.20 09:39:55 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job [2012.02.08 19:37:38 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.07.10 22:04:39 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Adobe [2012.01.02 12:01:04 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Apple Computer [2001.12.31 23:11:13 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\ATI [2012.02.19 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Avira [2011.09.15 05:55:14 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\BitComet [2011.10.04 17:06:21 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\bizarre creations [2011.12.26 18:40:10 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\concept design [2011.06.17 18:11:28 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\DAEMON Tools Lite [2011.06.18 12:22:15 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\DAEMON Tools Pro [2012.01.18 17:41:06 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Download Manager [2011.09.04 22:22:02 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Dyyno [2011.06.10 13:33:51 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\FileZilla [2012.02.18 15:26:28 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\ICQ [2011.05.15 12:01:18 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Identities [2011.06.14 14:41:30 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\JonDo [2011.05.15 12:28:03 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Macromedia [2011.12.24 17:48:58 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\MAGIX [2012.02.18 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Malwarebytes [2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Media Center Programs [2012.01.27 19:11:27 | 000,000,000 | --SD | M] -- C:\Users\Konstantin\AppData\Roaming\Microsoft [2012.02.03 01:12:29 | 000,000,000 | ---D | M] -- 
C:\Users\Konstantin\AppData\Roaming\Mozilla [2011.07.12 23:58:39 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\OpenOffice.org [2011.05.17 17:07:06 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Publish Providers [2011.09.01 17:15:08 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\RenPy [2011.05.23 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Samsung [2011.07.04 18:19:59 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Sierra [2011.07.04 18:30:31 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Sierra Entertainment [2012.01.24 22:00:11 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Skype [2011.05.17 17:07:04 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Sony [2011.09.23 20:08:55 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\TeamViewer [2012.01.05 16:48:09 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\TS3Client [2011.06.23 14:21:36 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Unity [2011.08.24 21:41:33 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\vlc [2011.07.08 00:34:37 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\WinBatch [2011.10.04 17:34:19 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Windows Live Writer [2011.05.16 14:18:50 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.10.04 19:57:52 | 010,274,313 | ---- | M] (Igor Pavlov) -- C:\Users\Konstantin\AppData\Roaming\bizarre creations\blur\BizUpdaterPack.exe [2012.02.04 18:12:59 | 000,015,086 | R--- | M] () -- C:\Users\Konstantin\AppData\Roaming\Microsoft\Installer\{5D87C09F-512F-474A-A306-0FE3B89C396F}\launcher.exe [2011.08.20 20:11:07 | 000,010,134 | R--- | M] () -- C:\Users\Konstantin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < 
%SYSTEMDRIVE%\*.exe > [2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- 
C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- 
C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) 
MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
21.02.2012, 11:24 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC load extremely high for the past few days. Quote:
If so: hands off in future. These illegal portals spread malware, and if you want to be malware-free in future, you have to switch to legal alternatives and do without such risky streaming sites!
__________________ Please always post log files in CODE tags |
21.02.2012, 13:56 | #11 |
| PC load extremely high for the past few days. Legal alternatives? I'll make a note of that. But I don't understand it. I'm not doing anything, yet the CPU still reaches 70-100% :S I'm starting to have no idea what I should do :S |
21.02.2012, 14:03 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC load extremely high for the past few days. Quote:
Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
ATTFilter
:OTL
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.23 13:20:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{352eb94a-9998-11e0-b325-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{352eb94a-9998-11e0-b325-00ff01000001}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{4bc1d62b-e104-11e0-a047-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{4bc1d62b-e104-11e0-a047-00ff01000001}\Shell\AutoRun\command - "" = F:\Setup.exe
:Files
C:\Users\Konstantin\AppData\Local\{*
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
22.02.2012, 11:32 | #13 |
| PC load extremely high for the past few days. Code:
ATTFilter All processes killed ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found. File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found. File C:\Program Files (x86)\Winload\prxtbWinl.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ not found. File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found. File C:\Program Files (x86)\Winload\prxtbWinl.dll not found. 64bit-Registry value HKEY_USERS\S-1-5-21-2132976033-2582622444-1119226143-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found. Registry value HKEY_USERS\S-1-5-21-2132976033-2582622444-1119226143-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-2132976033-2582622444-1119226143-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found. File C:\Program Files (x86)\Winload\prxtbWinl.dll not found. 
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File C:\AUTOEXEC.BAT not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{352eb94a-9998-11e0-b325-00ff01000001}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{352eb94a-9998-11e0-b325-00ff01000001}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{352eb94a-9998-11e0-b325-00ff01000001}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{352eb94a-9998-11e0-b325-00ff01000001}\ not found. File I:\Setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bc1d62b-e104-11e0-a047-00ff01000001}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bc1d62b-e104-11e0-a047-00ff01000001}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bc1d62b-e104-11e0-a047-00ff01000001}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bc1d62b-e104-11e0-a047-00ff01000001}\ not found. File F:\Setup.exe not found. 
========== FILES ========== File\Folder C:\Users\Konstantin\AppData\Local\{* not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Konstantin ->Temp folder emptied: 393216 bytes ->Temporary Internet Files folder emptied: 2539520 bytes ->Java cache emptied: 1440010 bytes ->FireFox cache emptied: 18067479 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 21,00 mb HOSTS file reset successfully OTL by OldTimer - Version 3.2.33.0 log created on 02222012_112739 Files\Folders moved on Reboot... File\Folder C:\Users\Konstantin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot... |
22.02.2012, 13:06 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC load extremely high for a few days. Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here! If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
24.02.2012, 13:01 | #15 |
| PC load extremely high for a few days. Code:
ATTFilter 12:59:03.0967 4184 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49 12:59:04.0818 4184 ============================================================ 12:59:04.0818 4184 Current date / time: 2012/02/24 12:59:04.0818 12:59:04.0818 4184 SystemInfo: 12:59:04.0818 4184 12:59:04.0819 4184 OS Version: 6.1.7600 ServicePack: 0.0 12:59:04.0819 4184 Product type: Workstation 12:59:04.0819 4184 ComputerName: KONSTANTINS-PC 12:59:04.0820 4184 UserName: Konstantin 12:59:04.0820 4184 Windows directory: C:\Windows 12:59:04.0820 4184 System windows directory: C:\Windows 12:59:04.0820 4184 Running under WOW64 12:59:04.0820 4184 Processor architecture: Intel x64 12:59:04.0820 4184 Number of processors: 2 12:59:04.0820 4184 Page size: 0x1000 12:59:04.0820 4184 Boot type: Normal boot 12:59:04.0820 4184 ============================================================ 12:59:06.0267 4184 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:59:06.0285 4184 \Device\Harddisk0\DR0: 12:59:06.0285 4184 MBR used 12:59:06.0286 4184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x807, BlocksNum 0x61944FF9 12:59:06.0318 4184 Initialize success 12:59:06.0318 4184 ============================================================ 12:59:44.0781 4452 ============================================================ 12:59:44.0781 4452 Scan started 12:59:44.0781 4452 Mode: Manual; SigCheck; TDLFS; 12:59:44.0781 4452 ============================================================ 12:59:45.0186 4452 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 12:59:45.0294 4452 1394ohci - ok 12:59:45.0337 4452 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 12:59:45.0357 4452 ACPI - ok 12:59:45.0378 4452 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 12:59:45.0443 4452 AcpiPmi - ok 
12:59:45.0515 4452 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 12:59:45.0542 4452 adp94xx - ok 12:59:45.0570 4452 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 12:59:45.0588 4452 adpahci - ok 12:59:45.0620 4452 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 12:59:45.0635 4452 adpu320 - ok 12:59:45.0696 4452 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 12:59:45.0815 4452 AFD - ok 12:59:45.0840 4452 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 12:59:45.0853 4452 agp440 - ok 12:59:45.0878 4452 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 12:59:45.0890 4452 aliide - ok 12:59:45.0925 4452 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 12:59:45.0936 4452 amdide - ok 12:59:45.0954 4452 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 12:59:45.0988 4452 AmdK8 - ok 12:59:46.0184 4452 amdkmdag (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys 12:59:46.0422 4452 amdkmdag - ok 12:59:46.0460 4452 amdkmdap (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys 12:59:46.0483 4452 amdkmdap - ok 12:59:46.0500 4452 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 12:59:46.0522 4452 AmdPPM - ok 12:59:46.0565 4452 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys 12:59:46.0578 4452 amdsata - ok 12:59:46.0610 4452 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 12:59:46.0626 4452 amdsbs - ok 12:59:46.0656 4452 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys 12:59:46.0669 4452 amdxata - ok 12:59:46.0766 4452 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 12:59:46.0840 4452 AppID - ok 12:59:46.0903 4452 arc 
(c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 12:59:46.0916 4452 arc - ok 12:59:46.0941 4452 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 12:59:46.0954 4452 arcsas - ok 12:59:46.0996 4452 asusgsb (a4398a8914c32f18ec2ab562cba3caaf) C:\Windows\system32\drivers\asusgsb.sys 12:59:47.0006 4452 asusgsb ( UnsignedFile.Multi.Generic ) - warning 12:59:47.0006 4452 asusgsb - detected UnsignedFile.Multi.Generic (1) 12:59:47.0044 4452 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 12:59:47.0095 4452 AsyncMac - ok 12:59:47.0122 4452 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 12:59:47.0135 4452 atapi - ok 12:59:47.0183 4452 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys 12:59:47.0222 4452 AtiHDAudioService - ok 12:59:47.0267 4452 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys 12:59:47.0278 4452 AtiHdmiService - ok 12:59:47.0336 4452 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys 12:59:47.0350 4452 avgntflt - ok 12:59:47.0403 4452 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys 12:59:47.0425 4452 avipbb - ok 12:59:47.0471 4452 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 12:59:47.0480 4452 avkmgr - ok 12:59:47.0521 4452 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 12:59:47.0572 4452 b06bdrv - ok 12:59:47.0598 4452 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 12:59:47.0621 4452 b57nd60a - ok 12:59:47.0656 4452 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 12:59:47.0709 4452 Beep - ok 12:59:47.0777 4452 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 12:59:47.0806 4452 blbdrive - ok 12:59:47.0842 4452 bowser 
(19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 12:59:47.0882 4452 bowser - ok 12:59:47.0898 4452 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 12:59:47.0928 4452 BrFiltLo - ok 12:59:47.0957 4452 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 12:59:47.0974 4452 BrFiltUp - ok 12:59:48.0017 4452 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 12:59:48.0050 4452 Brserid - ok 12:59:48.0066 4452 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 12:59:48.0084 4452 BrSerWdm - ok 12:59:48.0100 4452 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 12:59:48.0132 4452 BrUsbMdm - ok 12:59:48.0147 4452 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 12:59:48.0162 4452 BrUsbSer - ok 12:59:48.0177 4452 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 12:59:48.0199 4452 BTHMODEM - ok 12:59:48.0241 4452 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 12:59:48.0280 4452 cdfs - ok 12:59:48.0312 4452 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 12:59:48.0335 4452 cdrom - ok 12:59:48.0357 4452 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 12:59:48.0375 4452 circlass - ok 12:59:48.0415 4452 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 12:59:48.0443 4452 CLFS - ok 12:59:48.0487 4452 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 12:59:48.0511 4452 CmBatt - ok 12:59:48.0535 4452 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 12:59:48.0548 4452 cmdide - ok 12:59:48.0574 4452 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 12:59:48.0607 4452 CNG - ok 12:59:48.0633 4452 Compbatt 
(102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 12:59:48.0644 4452 Compbatt - ok 12:59:48.0671 4452 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 12:59:48.0698 4452 CompositeBus - ok 12:59:48.0730 4452 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 12:59:48.0742 4452 crcdisk - ok 12:59:48.0797 4452 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys 12:59:48.0842 4452 CSC - ok 12:59:48.0886 4452 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 12:59:48.0937 4452 DfsC - ok 12:59:48.0968 4452 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 12:59:49.0018 4452 discache - ok 12:59:49.0057 4452 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 12:59:49.0070 4452 Disk - ok 12:59:49.0142 4452 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 12:59:49.0175 4452 drmkaud - ok 12:59:49.0231 4452 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 12:59:49.0264 4452 DXGKrnl - ok 12:59:49.0339 4452 EagleX64 - ok 12:59:49.0418 4452 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 12:59:49.0494 4452 ebdrv - ok 12:59:49.0552 4452 EIO64 - ok 12:59:49.0584 4452 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 12:59:49.0608 4452 elxstor - ok 12:59:49.0631 4452 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 12:59:49.0666 4452 ErrDev - ok 12:59:49.0703 4452 ESLvnic1 (c33acb897af927d1c1bd84f211fae75b) C:\Windows\system32\DRIVERS\ESLvnic.sys 12:59:49.0719 4452 ESLvnic1 - ok 12:59:49.0766 4452 ESLWireAC (abc24f129c616e5dee5ce58683606c84) C:\Windows\system32\drivers\ESLWireACD.sys 12:59:49.0780 4452 ESLWireAC - ok 12:59:49.0811 4452 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 
12:59:49.0860 4452 exfat - ok 12:59:49.0894 4452 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 12:59:49.0953 4452 fastfat - ok 12:59:49.0977 4452 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 12:59:50.0011 4452 fdc - ok 12:59:50.0066 4452 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 12:59:50.0079 4452 FileInfo - ok 12:59:50.0112 4452 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 12:59:50.0150 4452 Filetrace - ok 12:59:50.0165 4452 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 12:59:50.0180 4452 flpydisk - ok 12:59:50.0210 4452 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 12:59:50.0227 4452 FltMgr - ok 12:59:50.0260 4452 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 12:59:50.0274 4452 FsDepends - ok 12:59:50.0298 4452 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 12:59:50.0310 4452 Fs_Rec - ok 12:59:50.0364 4452 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 12:59:50.0382 4452 fvevol - ok 12:59:50.0409 4452 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 12:59:50.0422 4452 gagp30kx - ok 12:59:50.0473 4452 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 12:59:50.0484 4452 GEARAspiWDM - ok 12:59:50.0516 4452 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 12:59:50.0537 4452 hcw85cir - ok 12:59:50.0592 4452 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 12:59:50.0618 4452 HdAudAddService - ok 12:59:50.0654 4452 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 12:59:50.0682 4452 HDAudBus - ok 12:59:50.0698 4452 HidBatt 
(78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 12:59:50.0718 4452 HidBatt - ok 12:59:50.0734 4452 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 12:59:50.0775 4452 HidBth - ok 12:59:50.0809 4452 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 12:59:50.0835 4452 HidIr - ok 12:59:50.0878 4452 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 12:59:50.0894 4452 HidUsb - ok 12:59:50.0928 4452 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 12:59:50.0941 4452 HpSAMD - ok 12:59:50.0985 4452 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 12:59:51.0044 4452 HTTP - ok 12:59:51.0065 4452 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 12:59:51.0077 4452 hwpolicy - ok 12:59:51.0098 4452 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 12:59:51.0121 4452 i8042prt - ok 12:59:51.0141 4452 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 12:59:51.0159 4452 iaStorV - ok 12:59:51.0209 4452 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 12:59:51.0221 4452 iirsp - ok 12:59:51.0326 4452 IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys 12:59:51.0393 4452 IntcAzAudAddService - ok 12:59:51.0425 4452 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 12:59:51.0437 4452 intelide - ok 12:59:51.0508 4452 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 12:59:51.0550 4452 intelppm - ok 12:59:51.0584 4452 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:59:51.0625 4452 IpFilterDriver - ok 12:59:51.0647 4452 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 12:59:51.0664 4452 IPMIDRV 
- ok 12:59:51.0681 4452 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 12:59:51.0729 4452 IPNAT - ok 12:59:51.0766 4452 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 12:59:51.0810 4452 IRENUM - ok 12:59:51.0835 4452 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 12:59:51.0848 4452 isapnp - ok 12:59:51.0872 4452 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 12:59:51.0888 4452 iScsiPrt - ok 12:59:51.0921 4452 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 12:59:51.0933 4452 kbdclass - ok 12:59:51.0962 4452 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 12:59:51.0986 4452 kbdhid - ok 12:59:52.0020 4452 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 12:59:52.0034 4452 KSecDD - ok 12:59:52.0068 4452 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 12:59:52.0082 4452 KSecPkg - ok 12:59:52.0109 4452 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 12:59:52.0150 4452 ksthunk - ok 12:59:52.0208 4452 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 12:59:52.0257 4452 lltdio - ok 12:59:52.0313 4452 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 12:59:52.0326 4452 LSI_FC - ok 12:59:52.0343 4452 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 12:59:52.0357 4452 LSI_SAS - ok 12:59:52.0389 4452 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:59:52.0402 4452 LSI_SAS2 - ok 12:59:52.0428 4452 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:59:52.0444 4452 LSI_SCSI - ok 12:59:52.0475 4452 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 12:59:52.0560 4452 luafv - ok 
12:59:52.0626 4452 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 12:59:52.0636 4452 MBAMProtector - ok 12:59:52.0680 4452 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 12:59:52.0692 4452 megasas - ok 12:59:52.0726 4452 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 12:59:52.0744 4452 MegaSR - ok 12:59:52.0790 4452 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 12:59:52.0834 4452 Modem - ok 12:59:52.0858 4452 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 12:59:52.0882 4452 monitor - ok 12:59:52.0898 4452 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 12:59:52.0911 4452 mouclass - ok 12:59:52.0939 4452 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 12:59:52.0958 4452 mouhid - ok 12:59:52.0986 4452 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 12:59:53.0000 4452 mountmgr - ok 12:59:53.0048 4452 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 12:59:53.0064 4452 mpio - ok 12:59:53.0117 4452 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 12:59:53.0164 4452 mpsdrv - ok 12:59:53.0196 4452 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 12:59:53.0231 4452 MRxDAV - ok 12:59:53.0273 4452 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys 12:59:53.0305 4452 mrxsmb - ok 12:59:53.0327 4452 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:59:53.0354 4452 mrxsmb10 - ok 12:59:53.0377 4452 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:59:53.0398 4452 mrxsmb20 - ok 12:59:53.0419 4452 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 12:59:53.0431 4452 msahci - ok 
12:59:53.0459 4452 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 12:59:53.0474 4452 msdsm - ok 12:59:53.0517 4452 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 12:59:53.0560 4452 Msfs - ok 12:59:53.0584 4452 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 12:59:53.0638 4452 mshidkmdf - ok 12:59:53.0662 4452 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 12:59:53.0674 4452 msisadrv - ok 12:59:53.0726 4452 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 12:59:53.0764 4452 MSKSSRV - ok 12:59:53.0793 4452 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 12:59:53.0837 4452 MSPCLOCK - ok 12:59:53.0853 4452 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 12:59:53.0892 4452 MSPQM - ok 12:59:53.0925 4452 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 12:59:53.0944 4452 MsRPC - ok 12:59:53.0966 4452 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 12:59:53.0978 4452 mssmbios - ok 12:59:53.0993 4452 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 12:59:54.0036 4452 MSTEE - ok 12:59:54.0062 4452 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 12:59:54.0096 4452 MTConfig - ok 12:59:54.0123 4452 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 12:59:54.0135 4452 Mup - ok 12:59:54.0181 4452 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 12:59:54.0214 4452 NativeWifiP - ok 12:59:54.0268 4452 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 12:59:54.0298 4452 NDIS - ok 12:59:54.0331 4452 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 12:59:54.0371 4452 NdisCap - ok 12:59:54.0405 4452 
NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 12:59:54.0449 4452 NdisTapi - ok 12:59:54.0478 4452 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 12:59:54.0524 4452 Ndisuio - ok 12:59:54.0556 4452 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 12:59:54.0601 4452 NdisWan - ok 12:59:54.0621 4452 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 12:59:54.0661 4452 NDProxy - ok 12:59:54.0682 4452 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 12:59:54.0725 4452 NetBIOS - ok 12:59:54.0837 4452 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 12:59:54.0905 4452 NetBT - ok 12:59:55.0063 4452 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 12:59:55.0075 4452 nfrd960 - ok 12:59:55.0096 4452 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 12:59:55.0140 4452 Npfs - ok 12:59:55.0172 4452 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 12:59:55.0227 4452 nsiproxy - ok 12:59:55.0271 4452 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 12:59:55.0323 4452 Ntfs - ok 12:59:55.0343 4452 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 12:59:55.0391 4452 Null - ok 12:59:55.0407 4452 nvlddmkm - ok 12:59:55.0437 4452 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 12:59:55.0451 4452 nvraid - ok 12:59:55.0480 4452 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 12:59:55.0495 4452 nvstor - ok 12:59:55.0527 4452 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 12:59:55.0541 4452 nv_agp - ok 12:59:55.0558 4452 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 12:59:55.0578 4452 ohci1394 - ok 
|