
Pests of all kinds and how to fight them: PC load extremely high for the past few days.

08.02.2012, 19:20   #1
ArkeologeN



Hello Trojaner-Board,

my PC has had strangely high CPU usage for a few days now.
I haven't really installed anything new, but it still jumps from
17% to 80%+.

What could be causing this?

09.02.2012, 15:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
What could be causing this?
With information this sparse, probably the only one who knows that is the

Maybe you could post which process is generating the load?!

10.02.2012, 23:34   #3
ArkeologeN



Mostly it's svchost or whatever it's called, sorry, I forgot the name.

Somehow that one eats up the most.

What could I post so that you have more info? :S

12.02.2012, 11:49   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



svchost.exe is a generic "wrapper process"; the cause can be any number of things.

Please now, as a matter of routine, run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

18.02.2012, 20:36   #5
ArkeologeN



ESET test:

Code:
 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=142d8207e0017145bdaa2d8822ccb464
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-18 07:33:42
# local_time=2012-02-18 08:33:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 859475 859475 0 0
# compatibility_mode=5893 16776573 100 94 164069 81988250 0 0
# compatibility_mode=8192 67108863 100 0 3806 3806 0 0
# scanned=258344
# found=2
# cleaned=2
# scan_time=11063
C:\Users\Konstantin\Downloads\SoftonicDownloader_fuer_ideas.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Konstantin\Downloads\SoftonicDownloader_fuer_paragon-partition-manager.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.18.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Konstantin :: KONSTANTINS-PC [Administrator]

Schutz: Aktiviert

18.02.2012 21:31:00
mbam-log-2012-02-18 (21-31-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 189499
Laufzeit: 3 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
That was Malware.
I hope this helps.


19.02.2012, 18:08   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
C:\Users\Konstantin\Downloads\SoftonicDownloader_fuer_ideas.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Konstantin\Downloads\SoftonicDownloader_fuer_paragon-partition-manager.exe
Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as the top priority, directly from the vendor and not from toolbar outfits like Softonic! In an emergency, chip.de would of course do.

Quote:
Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan... please catch up on that and post the log!
Remember to update the Malwarebytes signatures beforehand; there are new updates very frequently!
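The two checks made by eye in the post above (what ESET actually detected, and whether the Malwarebytes run was the requested full scan), as an added example that is not part of the thread: a parser for the ESET Online Scanner log layout shown in post #5. The sample log is constructed with placeholder names, and reading a trailing `application` in the detection name as ESET's marker for an unwanted or unsafe application rather than malware is an assumption.

```python
import re

# Constructed sample in the layout of the ESET Online Scanner log in post #5.
# User name, file names and threat names are placeholders, not thread values.
SAMPLE_ESET_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# end=finished",
    "# unwanted_checked=true",
    "# unsafe_checked=false",
    "# scanned=1000",
    "# found=2",
    "# cleaned=1",
    "C:\\Users\\alice\\Downloads\\ExampleDownloader_setup.exe\t"
    "a variant of Win32/ExampleDownloader.A application "
    "(cleaned by deleting - quarantined)\t" + "0" * 32 + "\tC",
    "C:\\Users\\alice\\AppData\\Roaming\\upd.exe\t"
    "Win32/Example.B trojan (unable to clean)\t" + "0" * 32 + "\tI",
])

HEADER_RE = re.compile(r"^#\s*([^=\s]+)=(.*)$")
# "<detection name> (<action taken>)"; the parenthesised action is optional.
VERDICT_RE = re.compile(r"^(?P<name>.*?)\s*(?:\((?P<action>[^()]*)\))?\s*$")


def parse_eset_log(text):
    """Return (header, detections) from an ESET Online Scanner log.txt."""
    header, detections = {}, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            # Keys such as compatibility_mode repeat, so keep a list per key.
            header.setdefault(m.group(1), []).append(m.group(2).strip())
            continue
        # Detection rows are tab-separated: path, verdict, hash field, status.
        fields = line.split("\t")
        if len(fields) < 2:
            continue  # banner lines ("all ok") and blanks carry no detection
        verdict = VERDICT_RE.match(fields[1].strip())
        words = verdict.group("name").split()
        detections.append({
            "path": fields[0].strip(),
            # The family name is the token of the form Platform/Name.
            "threat": next((w for w in words if "/" in w), verdict.group("name")),
            # Assumption: the last word is the category (application, trojan, ...).
            "kind": words[-1].lower() if words else "",
            "action": (verdict.group("action") or "").strip(),
        })
    return header, detections


def triage_eset(text):
    """Summarise an ESET log the way a helper reads it in the thread."""
    header, detections = parse_eset_log(text)

    def last(key, default=""):
        return header.get(key, [default])[-1]

    notes = []
    if last("end") != "finished":
        notes.append("scan did not run to completion")
    if last("unwanted_checked") != "true":
        notes.append("potentially unwanted applications were not scanned for")
    found = last("found", "0")
    if not found.isdigit() or int(found) != len(detections):
        notes.append("found= header does not match the listed detections")
    uncleaned = [d["path"] for d in detections
                 if not d["action"].lower().startswith("cleaned")]
    if uncleaned:
        notes.append(f"{len(uncleaned)} of {len(detections)} detections not cleaned")
    return {
        "pua": [d["threat"] for d in detections if d["kind"] == "application"],
        "malware": [d["threat"] for d in detections if d["kind"] != "application"],
        "uncleaned": uncleaned,
        "notes": notes,
    }


def mbam_scan_type(text):
    """Scan type from a German Malwarebytes 1.60 log, or None if absent."""
    m = re.search(r"^\s*Art des Suchlaufs:\s*(.+?)\s*$", text, re.MULTILINE)
    return m.group(1) if m else None


def mbam_is_full_scan(text):
    # "Vollständiger Suchlauf" is the value the full-scan log in this thread shows.
    return mbam_scan_type(text) == "Vollständiger Suchlauf"


if __name__ == "__main__":
    print(triage_eset(SAMPLE_ESET_LOG))
    print(mbam_is_full_scan("Art des Suchlaufs: Quick-Scan\n"))
```

The parser expects the tab-separated rows of the original log.txt; a log pasted into a forum quote with the tabs collapsed to spaces yields no detections and triggers the `found=` mismatch note.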

19.02.2012, 20:16   #7
ArkeologeN



Code:
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.19.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Konstantin :: KONSTANTINS-PC [Administrator]

Schutz: Aktiviert

19.02.2012 19:31:34
mbam-log-2012-02-19 (19-31-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423756
Laufzeit: 1 Stunde(n), 29 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

19.02.2012, 20:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top center, tick Scan All Users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

20.02.2012, 20:29   #9
ArkeologeN



Code:
OTL logfile created on: 20.02.2012 21:12:50 - Run 1
OTL by OldTimer - Version 3.2.33.0     Folder = C:\Users\Konstantin\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,89% Memory free
8,00 Gb Paging File | 6,31 Gb Available in Paging File | 78,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 780,63 Gb Total Space | 611,10 Gb Free Space | 78,28% Space Free | Partition Type: NTFS
 
Computer Name: KONSTANTINS-PC | User Name: Konstantin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.19 23:07:25 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Konstantin\Desktop\OTL.exe
PRC - [2012.02.19 14:45:24 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.15 12:23:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.10.11 15:05:46 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.09.30 14:16:06 | 002,155,848 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.17 13:22:06 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.12.28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [Disabled | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.04.29 22:55:08 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcgcoms.exe -- (lxcg_device)
SRV - [2012.02.19 14:45:24 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.02.14 11:10:48 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.24 13:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.15 12:23:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.15 03:20:04 | 000,415,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)
SRV - [2010.09.30 14:16:06 | 002,155,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.04.29 22:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcgcoms.exe -- (lxcg_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.19 14:45:31 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.24 13:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2011.12.17 13:27:34 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.12.17 13:27:10 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.17 13:26:43 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.10.11 15:06:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.11 15:06:11 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.09.23 12:25:54 | 000,272,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.07.19 12:08:18 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.06.18 06:09:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.18 11:11:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 03:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 03:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 03:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.04.27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010.04.27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2009.11.18 11:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.02.17 17:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2008.02.12 02:59:18 | 000,297,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2008.02.05 00:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2006.12.05 10:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2011.03.18 17:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.01.18 22:37:32 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\raspppoe.sys -- (RasPppoe)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B EC 87 01 12 29 CC 01  [binary data]
IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Konstantin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.22 14:04:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.22 14:04:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.17 17:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.24 05:25:10 | 000,000,000 | ---D | M]
 
[2012.02.03 01:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konstantin\AppData\Roaming\mozilla\Extensions
[2012.02.03 01:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konstantin\AppData\Roaming\mozilla\Firefox\Profiles\pwhdhrhp.default\extensions
[2012.02.19 12:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\KONSTANTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PWHDHRHP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.17 17:44:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.03 01:25:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.14 11:45:57 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [LXCGCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCGtime.DLL ()
O4:64bit: - HKLM..\Run: [lxcgmon.exe] C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8128EBD5-C04D-4BBB-B6F5-68BC5CCFA2BA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.23 13:20:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{352eb94a-9998-11e0-b325-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{352eb94a-9998-11e0-b325-00ff01000001}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{4bc1d62b-e104-11e0-a047-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{4bc1d62b-e104-11e0-a047-00ff01000001}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^Konstantin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Dyyno Launcher - hkey= - key= - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe ()
MsConfig:64bit - StartUpReg: ESL Wire - hkey= - key= - C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
MsConfig:64bit - StartUpReg: EzPrint - hkey= - key= - C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - xvidvfw.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.20 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{33C682A8-9889-48AB-A9A8-C42473067584}
[2012.02.20 09:41:09 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{4F5380D2-367A-47F7-B7A1-314925F777FA}
[2012.02.19 23:07:20 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Konstantin\Desktop\OTL.exe
[2012.02.19 13:41:39 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\Microsoft Games
[2012.02.19 12:45:15 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Roaming\Avira
[2012.02.19 12:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.19 12:44:42 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.02.19 12:44:42 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.02.19 12:44:42 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.02.19 12:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.19 12:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.02.19 12:33:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.19 10:58:12 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{DF858A04-6C73-4970-9929-0C6952DA2D64}
[2012.02.19 10:57:31 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{66C1CF10-F600-4895-AF2F-AD8CF1B58340}
[2012.02.18 18:57:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.02.18 17:59:45 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Roaming\Malwarebytes
[2012.02.18 17:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.18 17:59:36 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.18 17:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.18 17:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.18 17:57:43 | 004,763,456 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Konstantin\Desktop\procexp.exe
[2012.02.18 17:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.18 17:24:46 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Konstantin\Desktop\esetsmartinstaller_enu.exe
[2012.02.18 10:34:34 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{155150D8-CAEC-4A30-BD89-10CD152E514E}
[2012.02.18 10:34:17 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{844AA980-DDA8-4AAC-9610-9709A7C7B6E8}
[2012.02.17 11:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.02.17 11:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.02.17 11:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.02.17 11:29:10 | 000,000,000 | ---D | C] -- C:\AMD
[2012.02.17 11:18:53 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{EF2E4D7D-EAC2-4EB3-B822-566E22C34021}
[2012.02.17 11:18:37 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{99F9771C-16A9-4775-9139-B1155C48AF18}
[2012.02.16 20:54:06 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{76336C92-9548-41B7-9D57-B9176CEBE552}
[2012.02.16 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{46BA236F-3FAA-4F9F-9EC2-FB06B99CE566}
[2012.02.16 07:02:10 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{83279375-F674-4C3D-9B15-C4707F09D4CF}
[2012.02.16 07:01:54 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{529FEA91-A64F-45B2-8898-8C46A06482F0}
[2012.02.15 07:25:07 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{70FFD563-16E4-4E1D-81BC-FD5F53E22F86}
[2012.02.15 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{AC63696B-3A61-4807-9ADF-8234C2BA0B38}
[2012.02.14 04:29:24 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{ACBC54CF-69E0-4BC5-A6E0-0619389BA4C4}
[2012.02.14 04:29:06 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{9C1BE537-7FCA-4321-BF09-53D85D355CB4}
[2012.02.13 10:35:35 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{419463FE-B906-4A8A-9422-6F5EF0B668EA}
[2012.02.13 10:35:16 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D2E9D427-AE57-4E69-987E-B8AB437B19D5}
[2012.02.12 09:29:31 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{5FD75202-D5DB-4A16-A828-A1A6EB2947AA}
[2012.02.12 09:29:15 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{639433D0-8F06-4031-BF6C-95F36D7027E4}
[2012.02.11 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{AF2880C5-9E96-409D-AEC0-CE1ECD23140A}
[2012.02.11 15:30:08 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{03A5E2D7-7CF7-4CBD-B133-5973D2A4495D}
[2012.02.11 03:29:39 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B2C45660-0B30-45C3-A0B8-5B0F578292D1}
[2012.02.11 03:29:26 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B8CFEC15-E4FE-49EC-A1C6-E1E49DD212F4}
[2012.02.10 12:08:59 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{DA050DC5-DE34-45FA-A7F0-FBCEEF0D078A}
[2012.02.10 12:08:42 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{43753DDC-700D-440D-811D-542E045EB3F9}
[2012.02.09 09:50:32 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{72022ADE-5C99-4A72-9013-D184B087631C}
[2012.02.09 09:50:15 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D066A34D-3648-40F7-9EB7-1D46AB10204E}
[2012.02.08 20:49:36 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{77ED8C20-4ACA-4274-8FFB-C4C1EB6C432E}
[2012.02.08 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B36B9C78-0F99-4C57-B741-3CBE61969A99}
[2012.02.08 19:36:01 | 001,075,528 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Konstantin\Desktop\procexp64.exe
[2012.02.08 08:48:50 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D06886AC-24D2-48D6-860F-69541EECA156}
[2012.02.08 08:48:33 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D03400A8-1779-4C89-BA06-62E524155FE7}
[2012.02.07 11:24:13 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{EF80E3D9-CF12-4C9D-AB8A-9392000DDA0F}
[2012.02.07 11:23:58 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D3760354-BA16-4083-B046-E05ADF80ED3A}
[2012.02.06 10:18:29 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{70AB0ED5-48BB-49FD-9E99-CC6ECF956BFD}
[2012.02.06 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{99EE05FE-D76B-40CB-A9D0-849CF8F06B76}
[2012.02.05 15:47:43 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\Documents\ICQ
[2012.02.05 09:14:49 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{AB82F8E1-4AF2-4A8D-9317-4CAD0D6E21F2}
[2012.02.05 09:14:26 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{80F3667C-499E-4DDD-929C-20FD643C43D8}
[2012.02.04 18:12:59 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2012.02.04 18:12:51 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\jagexcache
[2012.02.04 11:11:49 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B71FD386-E305-48DB-9A4E-EB40FF0AF5BD}
[2012.02.04 11:11:28 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{637D989C-0FBD-407A-B043-FD6C4DFAACEB}
[2012.02.03 12:07:55 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{5343FC9C-B615-45A3-998A-1122942420CD}
[2012.02.03 12:06:51 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B7923CAC-D175-4B20-BBDF-9B1532C07103}
[2012.02.03 01:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.02.03 01:13:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.02.03 01:12:26 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Roaming\Mozilla
[2012.02.02 12:45:27 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{4FD8C202-7552-465B-BD91-5F8C109645EA}
[2012.02.02 12:45:11 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{9F2D19E1-D11A-4AE8-AAD2-31D2B8FE661E}
[2012.02.01 08:16:42 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B1AA55C0-BC07-4F7E-9FE6-76E4B4B51452}
[2012.02.01 08:16:16 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{7B051D50-1C18-4D89-8D3F-4F63C5CA2499}
[2012.01.31 09:21:14 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{2417A506-872D-4FC3-86FA-1C82E173F867}
[2012.01.31 09:20:55 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{DD1A6D38-2A9C-4316-B4DB-CEBF78C9B366}
[2012.01.30 11:31:13 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D5F15E5C-C5B7-4E25-9998-4112E832FD5C}
[2012.01.30 11:31:00 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{35AF465B-7256-4D17-BDEF-6BAEE267DD2F}
[2012.01.29 23:30:32 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{EEC6DCC6-0EF5-40BF-86CD-19308D89B0CB}
[2012.01.29 23:30:20 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{DEDDF53A-037C-45EC-81E1-470ED11860F1}
[2012.01.29 11:29:41 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{1359295B-5CE1-4D59-87F7-B0F991CDE506}
[2012.01.29 11:29:08 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{9D344C1E-CFCE-4B72-ABF8-5B21C1A3D517}
[2012.01.28 10:23:29 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{2C501E7F-A295-438D-B1B3-6EFB8C91F095}
[2012.01.28 10:23:17 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{00DDFA00-0ED5-41A7-9C0F-55B18E100F82}
[2012.01.27 22:22:47 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{B576DF12-94C6-484C-A8B7-76B31F45BE79}
[2012.01.27 22:22:33 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{ADD0EB5F-6AEE-4E49-88AF-04387AAE1320}
[2012.01.27 20:29:11 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\Documents\Outlook-Dateien
[2012.01.27 07:18:13 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{471A6C58-5AAC-4537-84A5-C119BB839552}
[2012.01.27 07:18:00 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{E56CE5FF-5689-4321-9879-607DDCD28727}
[2012.01.26 10:58:32 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{F6295647-5C85-494B-9B39-A10FF366F72D}
[2012.01.26 10:58:17 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{554A8280-F75C-444E-9214-C8A1517D3232}
[2012.01.25 09:48:52 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{E344BD82-1BB6-4C6A-AE3D-75557D529316}
[2012.01.25 09:48:20 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{65F2BAE4-268B-422A-967D-28337BADDE4A}
[2012.01.24 10:00:47 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{843B86DF-B9FF-497E-8809-5C97AD617705}
[2012.01.24 10:00:22 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{FCF61FB6-4914-459E-947A-3D721DF41FE9}
[2012.01.23 19:47:26 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{47CA6ACD-C286-408D-9BB0-6FAC70D09E18}
[2012.01.23 19:47:13 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{43CB5D28-0D57-41A1-BF53-DF5DE8C9110C}
[2012.01.23 07:46:39 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{1606BA7E-90F4-4548-9420-7741193C19A2}
[2012.01.23 07:46:22 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{73C2777D-B362-4A21-8E29-96248FF78D2F}
[2012.01.22 23:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012.01.22 23:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.01.22 23:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.01.22 23:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.01.22 23:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.01.22 23:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.01.22 23:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012.01.22 23:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.01.22 23:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012.01.22 22:59:22 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\Microsoft Help
[2012.01.22 22:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.01.22 22:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.01.22 22:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.01.22 22:58:40 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.01.22 11:09:03 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{CE9D1316-7A84-4333-99E7-1B9D01412E92}
[2012.01.22 11:08:50 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{1B295E41-DF8B-409C-A0AD-8633DB7C31CD}
[2012.01.21 23:08:15 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{94C7A359-0D3D-446C-9B21-6493D9BF7C95}
[2012.01.21 23:07:48 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\{D6D97A1E-6FE2-4666-AD4B-F8608EF87856}
[2012.01.17 19:43:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll
[2012.01.17 19:43:06 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll
[2012.01.17 19:43:05 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll
[2012.01.17 19:43:05 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll
[2012.01.17 19:43:05 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll
[2012.01.17 19:43:05 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll
[2012.01.17 19:43:05 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll
[2012.01.17 19:43:05 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll
[2012.01.17 19:43:05 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe
[2012.01.17 19:43:05 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll
[2012.01.17 19:43:05 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgih.exe
[2012.01.17 19:43:05 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcfg.exe
[2012.01.17 19:43:05 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgppls.exe
[2012.01.17 19:43:05 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll
[2012.01.17 19:43:05 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll
[2012.01.17 19:22:22 | 000,305,664 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghcp.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.20 21:08:23 | 000,000,032 | ---- | M] () -- C:\Users\Konstantin\jagex_cl_runescape_LIVE.dat
[2012.02.20 10:47:20 | 000,020,467 | ---- | M] () -- C:\Users\Konstantin\Desktop\823530519054e1683f5f9d6c06b23986f15a8292441d98b5625130ffd430dcbe6a44b995.jpg
[2012.02.20 10:25:20 | 000,612,577 | ---- | M] () -- C:\Users\Konstantin\Desktop\Foto0176.jpg2.jpg
[2012.02.20 10:20:34 | 000,723,019 | ---- | M] () -- C:\Users\Konstantin\Desktop\Foto0176.jpg
[2012.02.20 10:20:28 | 000,637,923 | ---- | M] () -- C:\Users\Konstantin\Desktop\Foto0177.jpg
[2012.02.20 10:17:45 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.20 10:17:45 | 000,666,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.20 10:17:45 | 000,625,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.20 10:17:45 | 000,135,280 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.20 10:17:45 | 000,110,890 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.20 09:47:17 | 000,019,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.20 09:47:17 | 000,019,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.20 09:39:55 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012.02.20 09:39:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.20 09:39:42 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.19 23:07:25 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Konstantin\Desktop\OTL.exe
[2012.02.19 14:45:31 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.02.19 12:44:59 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.19 12:19:53 | 081,313,744 | ---- | M] () -- C:\Users\Konstantin\Desktop\avira_antivirus_premium_de.exe
[2012.02.18 17:59:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.18 17:38:36 | 000,000,024 | ---- | M] () -- C:\Users\Konstantin\jagexappletviewer.preferences
[2012.02.18 17:26:03 | 026,304,337 | ---- | M] () -- C:\Users\Konstantin\Desktop\avira_free_antivirus_898de.exe
[2012.02.18 17:24:54 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Konstantin\Desktop\esetsmartinstaller_enu.exe
[2012.02.17 23:13:55 | 000,020,821 | ---- | M] () -- C:\Users\Konstantin\Desktop\I hate Travian.odt
[2012.02.16 20:57:42 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2012.02.15 08:36:14 | 000,000,050 | ---- | M] () -- C:\Users\Konstantin\jagex_cl_runescape_LIVE1.dat
[2012.02.08 20:15:25 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.08 19:39:28 | 541,215,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.08 19:36:01 | 001,075,528 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Konstantin\Desktop\procexp64.exe
[2012.02.04 18:12:59 | 000,002,092 | ---- | M] () -- C:\Users\Konstantin\Desktop\RuneScape.lnk
[2012.02.03 01:12:17 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.03 00:54:17 | 000,007,598 | ---- | M] () -- C:\Users\Konstantin\AppData\Local\Resmon.ResmonCfg
[2012.01.24 13:50:46 | 000,168,864 | ---- | M] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.01.24 13:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2012.01.23 07:45:07 | 000,514,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.20 10:47:20 | 000,020,467 | ---- | C] () -- C:\Users\Konstantin\Desktop\823530519054e1683f5f9d6c06b23986f15a8292441d98b5625130ffd430dcbe6a44b995.jpg
[2012.02.20 10:25:20 | 000,612,577 | ---- | C] () -- C:\Users\Konstantin\Desktop\Foto0176.jpg2.jpg
[2012.02.20 10:17:59 | 000,723,019 | ---- | C] () -- C:\Users\Konstantin\Desktop\Foto0176.jpg
[2012.02.20 10:17:59 | 000,637,923 | ---- | C] () -- C:\Users\Konstantin\Desktop\Foto0177.jpg
[2012.02.19 12:44:59 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.19 12:15:46 | 081,313,744 | ---- | C] () -- C:\Users\Konstantin\Desktop\avira_antivirus_premium_de.exe
[2012.02.18 17:59:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.18 17:57:43 | 000,072,268 | ---- | C] () -- C:\Users\Konstantin\Desktop\procexp.chm
[2012.02.18 17:24:50 | 026,304,337 | ---- | C] () -- C:\Users\Konstantin\Desktop\avira_free_antivirus_898de.exe
[2012.02.04 18:13:25 | 000,000,024 | ---- | C] () -- C:\Users\Konstantin\jagexappletviewer.preferences
[2012.02.04 18:12:59 | 000,002,122 | ---- | C] () -- C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2012.02.04 18:12:59 | 000,002,092 | ---- | C] () -- C:\Users\Konstantin\Desktop\RuneScape.lnk
[2012.02.03 01:12:17 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.03 01:12:16 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.29 21:23:42 | 000,004,334 | ---- | C] () -- C:\Users\Konstantin\Desktop\config.cfg
[2012.01.17 19:43:06 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll
[2012.01.17 19:43:06 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll
[2011.12.17 13:26:54 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.12.17 13:24:31 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.12.17 13:22:18 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.17 05:25:13 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.12.17 05:25:13 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.12.17 05:25:13 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.10.15 12:23:51 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.15 12:23:49 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.05 18:02:28 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.08.05 11:09:32 | 000,007,598 | ---- | C] () -- C:\Users\Konstantin\AppData\Local\Resmon.ResmonCfg
[2011.07.12 19:08:35 | 000,000,098 | ---- | C] () -- C:\Users\Konstantin\AppData\Local\fusioncache.dat
[2011.07.12 19:05:50 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.05 14:21:23 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.06.18 12:30:16 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.06.18 12:30:16 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.06.18 12:30:16 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.06.18 12:25:55 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2011.09.15 05:55:14 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\BitComet
[2011.10.04 17:06:21 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\bizarre creations
[2011.12.26 18:40:10 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\concept design
[2011.06.17 18:11:28 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\DAEMON Tools Lite
[2011.06.18 12:22:15 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\DAEMON Tools Pro
[2011.09.04 22:22:02 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Dyyno
[2011.06.10 13:33:51 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\FileZilla
[2012.02.18 15:26:28 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\ICQ
[2011.06.14 14:41:30 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\JonDo
[2011.12.24 17:48:58 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\MAGIX
[2011.07.12 23:58:39 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\OpenOffice.org
[2011.05.17 17:07:06 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Publish Providers
[2011.09.01 17:15:08 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\RenPy
[2011.05.23 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Samsung
[2011.07.04 18:19:59 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Sierra
[2011.07.04 18:30:31 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Sierra Entertainment
[2011.05.17 17:07:04 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Sony
[2011.09.23 20:08:55 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\TeamViewer
[2012.01.05 16:48:09 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\TS3Client
[2011.06.23 14:21:36 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Unity
[2011.07.08 00:34:37 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\WinBatch
[2011.10.04 17:34:19 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Windows Live Writer
[2012.02.20 09:39:55 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012.02.08 19:37:38 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.10 22:04:39 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Adobe
[2012.01.02 12:01:04 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Apple Computer
[2001.12.31 23:11:13 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\ATI
[2012.02.19 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Avira
[2011.09.15 05:55:14 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\BitComet
[2011.10.04 17:06:21 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\bizarre creations
[2011.12.26 18:40:10 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\concept design
[2011.06.17 18:11:28 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\DAEMON Tools Lite
[2011.06.18 12:22:15 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\DAEMON Tools Pro
[2012.01.18 17:41:06 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Download Manager
[2011.09.04 22:22:02 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Dyyno
[2011.06.10 13:33:51 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\FileZilla
[2012.02.18 15:26:28 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\ICQ
[2011.05.15 12:01:18 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Identities
[2011.06.14 14:41:30 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\JonDo
[2011.05.15 12:28:03 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Macromedia
[2011.12.24 17:48:58 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\MAGIX
[2012.02.18 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Media Center Programs
[2012.01.27 19:11:27 | 000,000,000 | --SD | M] -- C:\Users\Konstantin\AppData\Roaming\Microsoft
[2012.02.03 01:12:29 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Mozilla
[2011.07.12 23:58:39 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\OpenOffice.org
[2011.05.17 17:07:06 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Publish Providers
[2011.09.01 17:15:08 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\RenPy
[2011.05.23 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Samsung
[2011.07.04 18:19:59 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Sierra
[2011.07.04 18:30:31 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Sierra Entertainment
[2012.01.24 22:00:11 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Skype
[2011.05.17 17:07:04 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Sony
[2011.09.23 20:08:55 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\TeamViewer
[2012.01.05 16:48:09 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\TS3Client
[2011.06.23 14:21:36 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Unity
[2011.08.24 21:41:33 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\vlc
[2011.07.08 00:34:37 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\WinBatch
[2011.10.04 17:34:19 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Windows Live Writer
[2011.05.16 14:18:50 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.10.04 19:57:52 | 010,274,313 | ---- | M] (Igor Pavlov) -- C:\Users\Konstantin\AppData\Roaming\bizarre creations\blur\BizUpdaterPack.exe
[2012.02.04 18:12:59 | 000,015,086 | R--- | M] () -- C:\Users\Konstantin\AppData\Roaming\Microsoft\Installer\{5D87C09F-512F-474A-A306-0FE3B89C396F}\launcher.exe
[2011.08.20 20:11:07 | 000,010,134 | R--- | M] () -- C:\Users\Konstantin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

21.02.2012, 10:24   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
Are you also one of those people who watch series and movies on dubious portals?
If so: hands off in future. These illegal portals spread malware, and if you want to be malware-free in future, you have to switch to legal alternatives and give up such risky streaming sites!

21.02.2012, 12:56   #11
ArkeologeN
 
Legal alternatives?
I'll make a note of that.


But I don't understand it. I'm not even doing anything, yet the CPU still
gets to 70-100% :S

I'm slowly running out of ideas about what to do :S

21.02.2012, 13:03   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC Auslastung seit paar tagen Extrem hoch. - Standard

PC Auslastung seit paar tagen Extrem hoch.



Quote:
Legal alternatives?
A video rental store? Buying DVDs? Something along those lines

Do an OTL fix: close all programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2132976033-2582622444-1119226143-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.23 13:20:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{352eb94a-9998-11e0-b325-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{352eb94a-9998-11e0-b325-00ff01000001}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{4bc1d62b-e104-11e0-a047-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{4bc1d62b-e104-11e0-a047-00ff01000001}\Shell\AutoRun\command - "" = F:\Setup.exe
:Files
C:\Users\Konstantin\AppData\Local\{*
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

22.02.2012, 10:32   #13
ArkeologeN

Code:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files (x86)\Winload\prxtbWinl.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ not found.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files (x86)\Winload\prxtbWinl.dll not found.
64bit-Registry value HKEY_USERS\S-1-5-21-2132976033-2582622444-1119226143-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-2132976033-2582622444-1119226143-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2132976033-2582622444-1119226143-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Program Files (x86)\Winload\prxtbWinl.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\AUTOEXEC.BAT not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{352eb94a-9998-11e0-b325-00ff01000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{352eb94a-9998-11e0-b325-00ff01000001}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{352eb94a-9998-11e0-b325-00ff01000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{352eb94a-9998-11e0-b325-00ff01000001}\ not found.
File I:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bc1d62b-e104-11e0-a047-00ff01000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bc1d62b-e104-11e0-a047-00ff01000001}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bc1d62b-e104-11e0-a047-00ff01000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bc1d62b-e104-11e0-a047-00ff01000001}\ not found.
File F:\Setup.exe not found.
========== FILES ==========
File\Folder C:\Users\Konstantin\AppData\Local\{* not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Konstantin
->Temp folder emptied: 393216 bytes
->Temporary Internet Files folder emptied: 2539520 bytes
->Java cache emptied: 1440010 bytes
->FireFox cache emptied: 18067479 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 21,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.0 log created on 02222012_112739

Files\Folders moved on Reboot...
File\Folder C:\Users\Konstantin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
Is all of that correct?

22.02.2012, 12:06   #14
cosinus

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!

If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

24.02.2012, 12:01   #15
ArkeologeN

Code:
12:59:03.0967 4184	TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
12:59:04.0818 4184	============================================================
12:59:04.0818 4184	Current date / time: 2012/02/24 12:59:04.0818
12:59:04.0818 4184	SystemInfo:
12:59:04.0818 4184	
12:59:04.0819 4184	OS Version: 6.1.7600 ServicePack: 0.0
12:59:04.0819 4184	Product type: Workstation
12:59:04.0819 4184	ComputerName: KONSTANTINS-PC
12:59:04.0820 4184	UserName: Konstantin
12:59:04.0820 4184	Windows directory: C:\Windows
12:59:04.0820 4184	System windows directory: C:\Windows
12:59:04.0820 4184	Running under WOW64
12:59:04.0820 4184	Processor architecture: Intel x64
12:59:04.0820 4184	Number of processors: 2
12:59:04.0820 4184	Page size: 0x1000
12:59:04.0820 4184	Boot type: Normal boot
12:59:04.0820 4184	============================================================
12:59:06.0267 4184	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:59:06.0285 4184	\Device\Harddisk0\DR0:
12:59:06.0285 4184	MBR used
12:59:06.0286 4184	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x807, BlocksNum 0x61944FF9
12:59:06.0318 4184	Initialize success
12:59:06.0318 4184	============================================================
12:59:44.0781 4452	============================================================
12:59:44.0781 4452	Scan started
12:59:44.0781 4452	Mode: Manual; SigCheck; TDLFS; 
12:59:44.0781 4452	============================================================
12:59:46.0996 4452	asusgsb         (a4398a8914c32f18ec2ab562cba3caaf) C:\Windows\system32\drivers\asusgsb.sys
12:59:47.0006 4452	asusgsb ( UnsignedFile.Multi.Generic ) - warning
12:59:47.0006 4452	asusgsb - detected UnsignedFile.Multi.Generic (1)
12:59:54.0181 4452	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:59:54.0214 4452	NativeWifiP - ok
12:59:54.0268 4452	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:59:54.0298 4452	NDIS - ok
12:59:54.0331 4452	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:59:54.0371 4452	NdisCap - ok
12:59:54.0405 4452	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:59:54.0449 4452	NdisTapi - ok
12:59:54.0478 4452	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:59:54.0524 4452	Ndisuio - ok
12:59:54.0556 4452	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:59:54.0601 4452	NdisWan - ok
12:59:54.0621 4452	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:59:54.0661 4452	NDProxy - ok
12:59:54.0682 4452	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:59:54.0725 4452	NetBIOS - ok
12:59:54.0837 4452	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:59:54.0905 4452	NetBT - ok
12:59:55.0063 4452	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:59:55.0075 4452	nfrd960 - ok
12:59:55.0096 4452	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:59:55.0140 4452	Npfs - ok
12:59:55.0172 4452	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:59:55.0227 4452	nsiproxy - ok
12:59:55.0271 4452	Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
12:59:55.0323 4452	Ntfs - ok
12:59:55.0343 4452	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:59:55.0391 4452	Null - ok
12:59:55.0407 4452	nvlddmkm - ok
12:59:55.0437 4452	nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
12:59:55.0451 4452	nvraid - ok
12:59:55.0480 4452	nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
12:59:55.0495 4452	nvstor - ok
12:59:55.0527 4452	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:59:55.0541 4452	nv_agp - ok
12:59:55.0558 4452	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:59:55.0578 4452	ohci1394 - ok
12:59:55.0685 4452	PAC207          (3a6dceb1848470320e4a3c12d7a35b1c) C:\Windows\system32\DRIVERS\PFC027.SYS
12:59:55.0714 4452	PAC207 - ok
12:59:55.0746 4452	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:59:55.0763 4452	Parport - ok
12:59:55.0786 4452	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:59:55.0799 4452	partmgr - ok
12:59:55.0841 4452	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:59:55.0857 4452	pci - ok
12:59:55.0880 4452	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:59:55.0892 4452	pciide - ok
12:59:55.0923 4452	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:59:55.0938 4452	pcmcia - ok
12:59:55.0966 4452	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:59:55.0978 4452	pcw - ok
12:59:55.0997 4452	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:59:56.0059 4452	PEAUTH - ok
12:59:56.0172 4452	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:59:56.0212 4452	PptpMiniport - ok
12:59:56.0238 4452	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:59:56.0272 4452	Processor - ok
12:59:56.0300 4452	PROCEXP151 - ok
12:59:56.0375 4452	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:59:56.0417 4452	ql2300 - ok
12:59:56.0449 4452	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:59:56.0463 4452	ql40xx - ok
12:59:56.0490 4452	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:59:56.0525 4452	QWAVEdrv - ok
12:59:56.0546 4452	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:59:56.0598 4452	RasAcd - ok
12:59:56.0631 4452	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:59:56.0672 4452	RasAgileVpn - ok
12:59:56.0705 4452	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:59:56.0749 4452	Rasl2tp - ok
12:59:56.0780 4452	RasPppoe        (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
12:59:56.0791 4452	RasPppoe ( UnsignedFile.Multi.Generic ) - warning
12:59:56.0791 4452	RasPppoe - detected UnsignedFile.Multi.Generic (1)
12:59:56.0811 4452	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:59:56.0874 4452	RasSstp - ok
12:59:56.0894 4452	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:59:56.0938 4452	rdbss - ok
12:59:56.0976 4452	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:59:56.0993 4452	rdpbus - ok
12:59:57.0009 4452	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:59:57.0048 4452	RDPCDD - ok
12:59:57.0096 4452	RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
12:59:57.0121 4452	RDPDR - ok
12:59:57.0145 4452	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:59:57.0190 4452	RDPENCDD - ok
12:59:57.0211 4452	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:59:57.0251 4452	RDPREFMP - ok
12:59:57.0281 4452	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
12:59:57.0340 4452	RDPWD - ok
12:59:57.0372 4452	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:59:57.0388 4452	rdyboost - ok
12:59:57.0420 4452	RMCAST          (77b3b747eb2413072b8e4306018d0c9b) C:\Windows\system32\DRIVERS\RMCAST.sys
12:59:57.0470 4452	RMCAST - ok
12:59:57.0524 4452	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:59:57.0582 4452	rspndr - ok
12:59:57.0686 4452	RTL8167         (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:59:57.0731 4452	RTL8167 - ok
12:59:57.0752 4452	s3cap           (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
12:59:57.0793 4452	s3cap - ok
12:59:57.0842 4452	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:59:57.0856 4452	sbp2port - ok
12:59:57.0878 4452	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:59:57.0919 4452	scfilter - ok
12:59:57.0965 4452	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:59:58.0018 4452	secdrv - ok
12:59:58.0057 4452	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:59:58.0075 4452	Serenum - ok
12:59:58.0117 4452	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:59:58.0133 4452	Serial - ok
12:59:58.0150 4452	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:59:58.0171 4452	sermouse - ok
12:59:58.0214 4452	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:59:58.0245 4452	sffdisk - ok
12:59:58.0264 4452	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:59:58.0288 4452	sffp_mmc - ok
12:59:58.0317 4452	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:59:58.0337 4452	sffp_sd - ok
12:59:58.0351 4452	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:59:58.0376 4452	sfloppy - ok
12:59:58.0404 4452	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:59:58.0417 4452	SiSRaid2 - ok
12:59:58.0445 4452	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:59:58.0459 4452	SiSRaid4 - ok
12:59:58.0483 4452	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:59:58.0537 4452	Smb - ok
12:59:58.0600 4452	snapman         (b2aa7562ba5858633fcdcd246e8d6730) C:\Windows\system32\DRIVERS\snapman.sys
12:59:58.0615 4452	snapman - ok
12:59:58.0645 4452	speedfan - ok
12:59:58.0674 4452	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:59:58.0687 4452	spldr - ok
12:59:58.0774 4452	sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
12:59:58.0774 4452	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
12:59:58.0778 4452	sptd ( LockedFile.Multi.Generic ) - warning
12:59:58.0778 4452	sptd - detected LockedFile.Multi.Generic (1)
12:59:58.0812 4452	srv             (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
12:59:58.0846 4452	srv - ok
12:59:58.0882 4452	srv2            (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
12:59:58.0912 4452	srv2 - ok
12:59:58.0951 4452	srvnet          (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
12:59:58.0978 4452	srvnet - ok
12:59:59.0010 4452	sscdbus         (f4f1e1ff6986fe8914525af751ea3eac) C:\Windows\system32\DRIVERS\sscdbus.sys
12:59:59.0022 4452	sscdbus - ok
12:59:59.0060 4452	sscdmdfl        (5447690d2cfe1bde1be3a5a5a3e2f796) C:\Windows\system32\DRIVERS\sscdmdfl.sys
12:59:59.0069 4452	sscdmdfl - ok
12:59:59.0106 4452	sscdmdm         (bfda292053aeb76a0c1d63b2279d5138) C:\Windows\system32\DRIVERS\sscdmdm.sys
12:59:59.0119 4452	sscdmdm - ok
12:59:59.0172 4452	ss_bbus         (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
12:59:59.0183 4452	ss_bbus - ok
12:59:59.0206 4452	ss_bmdfl        (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
12:59:59.0215 4452	ss_bmdfl - ok
12:59:59.0242 4452	ss_bmdm         (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
12:59:59.0254 4452	ss_bmdm - ok
12:59:59.0321 4452	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:59:59.0333 4452	stexstor - ok
12:59:59.0387 4452	storflt         (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
12:59:59.0400 4452	storflt - ok
12:59:59.0423 4452	storvsc         (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
12:59:59.0436 4452	storvsc - ok
12:59:59.0466 4452	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:59:59.0478 4452	swenum - ok
12:59:59.0569 4452	Tcpip           (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
12:59:59.0618 4452	Tcpip - ok
12:59:59.0669 4452	TCPIP6          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
12:59:59.0710 4452	TCPIP6 - ok
12:59:59.0744 4452	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:59:59.0803 4452	tcpipreg - ok
12:59:59.0837 4452	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:59:59.0891 4452	TDPIPE - ok
12:59:59.0912 4452	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:59:59.0952 4452	TDTCP - ok
12:59:59.0988 4452	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:00:00.0036 4452	tdx - ok
13:00:00.0102 4452	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:00:00.0115 4452	TermDD - ok
13:00:00.0165 4452	TFsExDisk       (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
13:00:00.0175 4452	TFsExDisk - ok
13:00:00.0229 4452	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:00:00.0292 4452	tssecsrv - ok
13:00:00.0334 4452	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:00:00.0383 4452	tunnel - ok
13:00:00.0399 4452	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:00:00.0412 4452	uagp35 - ok
13:00:00.0440 4452	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:00:00.0496 4452	udfs - ok
13:00:00.0546 4452	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:00:00.0559 4452	uliagpkx - ok
13:00:00.0602 4452	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:00:00.0630 4452	umbus - ok
13:00:00.0646 4452	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:00:00.0665 4452	UmPass - ok
13:00:00.0724 4452	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
13:00:00.0750 4452	USBAAPL64 - ok
13:00:00.0774 4452	usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
13:00:00.0801 4452	usbccgp - ok
13:00:00.0818 4452	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:00:00.0845 4452	usbcir - ok
13:00:00.0868 4452	usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
13:00:00.0900 4452	usbehci - ok
13:00:00.0930 4452	usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
13:00:00.0950 4452	usbhub - ok
13:00:00.0979 4452	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
13:00:00.0994 4452	usbohci - ok
13:00:01.0024 4452	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:00:01.0057 4452	usbprint - ok
13:00:01.0093 4452	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:00:01.0118 4452	usbscan - ok
13:00:01.0146 4452	USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:00:01.0163 4452	USBSTOR - ok
13:00:01.0179 4452	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:00:01.0194 4452	usbuhci - ok
13:00:01.0253 4452	VBoxDrv         (0480981ebec902c763f83007274496ca) C:\Windows\system32\DRIVERS\VBoxDrv.sys
13:00:01.0269 4452	VBoxDrv - ok
13:00:01.0296 4452	VBoxNetAdp      (e3c33cead666eec05beb2beff60c33f9) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
13:00:01.0315 4452	VBoxNetAdp - ok
13:00:01.0346 4452	VBoxNetFlt      (e4149d4063859ad42df69d8c61acffef) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
13:00:01.0358 4452	VBoxNetFlt - ok
13:00:01.0414 4452	VBoxUSBMon      (8908bb024508e71413b807ab3715ad97) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
13:00:01.0426 4452	VBoxUSBMon - ok
13:00:01.0453 4452	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:00:01.0465 4452	vdrvroot - ok
13:00:01.0496 4452	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:00:01.0515 4452	vga - ok
13:00:01.0540 4452	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:00:01.0596 4452	VgaSave - ok
13:00:01.0613 4452	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:00:01.0630 4452	vhdmp - ok
13:00:01.0652 4452	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:00:01.0664 4452	viaide - ok
13:00:01.0707 4452	vmbus           (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
13:00:01.0723 4452	vmbus - ok
13:00:01.0746 4452	VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
13:00:01.0774 4452	VMBusHID - ok
13:00:01.0837 4452	vmm             (c6f8fbde19960e0b172cd76d2677f5e2) C:\Windows\system32\Treiber\vmm.sys
13:00:01.0854 4452	vmm - ok
13:00:01.0875 4452	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:00:01.0888 4452	volmgr - ok
13:00:01.0923 4452	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:00:01.0942 4452	volmgrx - ok
13:00:01.0970 4452	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:00:01.0989 4452	volsnap - ok
13:00:02.0030 4452	VPCNetS2        (6bdca00fc57cc40da3c8e88b2cea21ab) C:\Windows\system32\DRIVERS\VMNetSrv.sys
13:00:02.0041 4452	VPCNetS2 - ok
13:00:02.0073 4452	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:00:02.0092 4452	vsmraid - ok
13:00:02.0122 4452	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:00:02.0140 4452	vwifibus - ok
13:00:02.0173 4452	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:00:02.0209 4452	WacomPen - ok
13:00:02.0254 4452	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:00:02.0308 4452	WANARP - ok
13:00:02.0319 4452	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:00:02.0364 4452	Wanarpv6 - ok
13:00:02.0409 4452	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:00:02.0421 4452	Wd - ok
13:00:02.0458 4452	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:00:02.0484 4452	Wdf01000 - ok
13:00:02.0545 4452	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:00:02.0583 4452	WfpLwf - ok
13:00:02.0604 4452	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:00:02.0616 4452	WIMMount - ok
13:00:02.0681 4452	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:00:02.0708 4452	WmiAcpi - ok
13:00:02.0769 4452	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:00:02.0823 4452	ws2ifsl - ok
13:00:02.0880 4452	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:00:02.0933 4452	WudfPf - ok
13:00:02.0960 4452	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:00:03.0000 4452	WUDFRd - ok
13:00:03.0056 4452	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:00:03.0583 4452	\Device\Harddisk0\DR0 - ok
13:00:03.0596 4452	Boot (0x1200)   (aa40bd229c2ed83570a0adbedddf427a) \Device\Harddisk0\DR0\Partition0
13:00:03.0596 4452	\Device\Harddisk0\DR0\Partition0 - ok
13:00:03.0601 4452	============================================================
13:00:03.0601 4452	Scan finished
13:00:03.0601 4452	============================================================
13:00:03.0646 4696	Detected object count: 3
13:00:03.0646 4696	Actual detected object count: 3
13:00:16.0930 4696	asusgsb ( UnsignedFile.Multi.Generic ) - skipped by user
13:00:16.0930 4696	asusgsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:00:16.0933 4696	RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
13:00:16.0933 4696	RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:00:16.0937 4696	sptd ( LockedFile.Multi.Generic ) - skipped by user
13:00:16.0937 4696	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
13:01:03.0910 1828	Deinitialize success
         
