
Log analysis and evaluation: Laptop suddenly slow, CPU usage jumping! HijackThis log attached!

11.05.2010, 19:15   #1
pingiiiSTAR
 

Hello,

I own an MSI GT729 laptop with Windows Vista 64-bit.
Until now I never really had any problems with the laptop, but for the past few days it has become unbelievably slow. On top of that, my CPU usage has recently started jumping up and down like a young rabbit!
I came across the program HijackThis, but I am not 100 percent familiar with it and therefore don't dare to fix/delete any of the entries this program shows me.
Maybe I am overlooking something!

Is anything in this log strange/unusual? What does this constant (file missing) mean? And why are so many entries in @%SystemRoot%\system32\ and not System32 (capitalized!)? Does that mean anything??


Thanks in advance


Kind regards

pingiiiSTAR aka Marcel M.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:12, on 11.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
D:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\ICQLite\ICQLite.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (file missing)
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [AVP] "d:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Program Files (x86)\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - d:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files (x86)\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files (x86)\ICQLite\ICQLite.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: d:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - d:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Micro Star SCM - Micro-Star Int'l Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @D:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - D:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7772 bytes

11.05.2010, 20:18   #2
cosinus



Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.

13.05.2010, 00:58   #3
pingiiiSTAR
 

Hello,

Thanks for the quick reply! Here are the log files:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4092

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12.05.2010 23:45:46
mbam-log-2010-05-12 (23-45-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 295630
Laufzeit: 58 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


------------------------------------------------------------


OTL logfile created on: 12.05.2010 23:51:51 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\***\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 16,41 Gb Free Space | 33,61% Space Free | Partition Type: NTFS
Drive D: | 409,12 Gb Total Space | 76,18 Gb Free Space | 18,62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star Int'l Co., Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - D:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
PRC - d:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
PRC - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)


========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - d:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll (Kaspersky Lab)
MOD - d:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\r3hook.dll (Kaspersky Lab)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- D:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- D:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star Int'l Co., Ltd.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AVP) -- d:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
SRV - (o2flash) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\DRIVERS\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys (O2Micro )
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys (O2Micro )
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB-Videogerät (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV - (TuneUpUtilitiesDrv) -- D:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (CSC) -- C:\Windows\CSC [2009.09.19 17:01:03 | 000,000,000 | ---D | M]
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.pcgameshardware.de/home/ | www.bild.de | www.stern.de | www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010.05.03 20:42:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.02 02:03:59 | 000,000,000 | ---D | M]

[2009.09.19 22:23:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.05.12 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jkiz6wb8.default\extensions
[2009.09.19 22:37:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jkiz6wb8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.18 18:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jkiz6wb8.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.04.18 20:34:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jkiz6wb8.default\extensions\personas@christopher.beard

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] d:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - d:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\x64\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - d:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files (x86)\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files (x86)\ICQLite\ICQLite.exe (ICQ Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (d:\PROGRA~1\KASPER~1\KASPER~1.0\x64\r3hook.dll) - d:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\x64\r3hook.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (d:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll) - d:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\r3hook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01e6f6d9-c7a8-11de-9469-0022fbb067e0}\Shell - "" = AutoRun
O33 - MountPoints2\{01e6f6d9-c7a8-11de-9469-0022fbb067e0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{01e6f6db-c7a8-11de-9469-0022fbb067e0}\Shell - "" = AutoRun
O33 - MountPoints2\{01e6f6db-c7a8-11de-9469-0022fbb067e0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{3bd652d4-24fc-11df-b1ec-001e101fa1f5}\Shell\AutoRun\command - "" = explorer .
O33 - MountPoints2\{3bd652d4-24fc-11df-b1ec-001e101fa1f5}\Shell\mobile\command - "" = K:\MobileLaunch.exe -- File not found
O33 - MountPoints2\{5af43a39-050e-11df-ba97-0022fbb067e0}\Shell - "" = AutoRun
O33 - MountPoints2\{5af43a39-050e-11df-ba97-0022fbb067e0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{69f353d6-ceeb-11de-907c-0022fbb067e0}\Shell - "" = AutoRun
O33 - MountPoints2\{69f353d6-ceeb-11de-907c-0022fbb067e0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{69f353d8-ceeb-11de-907c-0022fbb067e0}\Shell - "" = AutoRun
O33 - MountPoints2\{69f353d8-ceeb-11de-907c-0022fbb067e0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{6c6e51b8-1ca3-11df-90e1-0024216d9859}\Shell\AutoRun\command - "" = F:\wubi.exe -- File not found
O33 - MountPoints2\{a2be6f39-b9bd-11de-9768-0022fbb067e0}\Shell - "" = AutoRun
O33 - MountPoints2\{a2be6f39-b9bd-11de-9768-0022fbb067e0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{a2be6fa7-b9bd-11de-9768-0022fbb067e0}\Shell - "" = AutoRun
O33 - MountPoints2\{a2be6fa7-b9bd-11de-9768-0022fbb067e0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{ad07b121-bda1-11de-9acb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SamsungSoftware\APPInst.exe -- File not found
O33 - MountPoints2\{ad2bdeb3-fae7-11de-be88-0022fbb067e0}\Shell - "" = AutoRun
O33 - MountPoints2\{ad2bdeb3-fae7-11de-be88-0022fbb067e0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ad2bdeb4-fae7-11de-be88-0022fbb067e0}\Shell - "" = AutoRun
O33 - MountPoints2\{ad2bdeb4-fae7-11de-be88-0022fbb067e0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ad751e38-045c-11df-a090-0022fbb067e0}\Shell - "" = AutoRun
O33 - MountPoints2\{ad751e38-045c-11df-a090-0022fbb067e0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{e2bc5944-a55c-11de-8709-0024216d9859}\Shell - "" = AutoRun
O33 - MountPoints2\{e2bc5944-a55c-11de-8709-0024216d9859}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{f41a894c-a86b-11de-9428-0022fbb067e0}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{fc815610-a52c-11de-bcde-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fc815610-a52c-11de-bcde-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDSetup.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.12 12:45:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.05.12 12:45:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.12 12:45:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.12 12:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.12 12:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.05.12 12:40:39 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.05.12 12:38:50 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.11 19:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\E.M. DVD Copy
[2010.05.11 19:39:11 | 005,442,405 | ---- | C] (EffectMatrix, Inc. ) -- C:\Users\***\Desktop\dvdcopy.exe
[2010.05.11 19:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2010.05.11 18:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.05.09 00:12:17 | 000,036,168 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.05.09 00:12:17 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2010.05.09 00:12:17 | 000,025,928 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.05.09 00:12:17 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.05.09 00:09:53 | 000,034,632 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2010.05.09 00:09:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.05.09 00:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.05.09 00:07:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.05.08 23:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xp-AntiSpy
[2010.05.08 02:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.08 02:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.05.08 02:38:48 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\***\Desktop\spybotsd162.exe
[2010.05.02 15:16:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Rockstar Games
[2010.05.02 15:07:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Rockstar Games
[2010.05.02 15:07:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.05.02 15:02:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.05.02 14:59:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010.05.02 14:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010.05.02 03:47:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\storage
[2010.05.02 03:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.05.02 02:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010.05.02 02:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.02 02:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.05.02 02:03:59 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.05.02 02:03:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.05.02 02:03:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.05.02 02:03:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

========== Files - Modified Within 30 Days ==========

[2010.05.12 23:52:51 | 132,158,268 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.dat
[2010.05.12 23:51:48 | 002,359,296 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.05.12 23:49:29 | 000,003,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 23:49:28 | 000,003,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 23:49:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.12 23:49:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.12 23:49:18 | 4294,082,560 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.12 23:48:38 | 002,384,508 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.idx
[2010.05.12 23:48:27 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TMContainer00000000000000000001.regtrans-ms
[2010.05.12 23:48:27 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TM.blf
[2010.05.12 23:48:26 | 003,589,785 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.05.12 22:28:53 | 001,418,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.12 22:28:53 | 000,618,442 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.12 22:28:53 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.12 22:28:53 | 000,122,648 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.12 22:28:53 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.12 22:27:17 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0252DEE4-5E2C-4DF0-BD0E-61AF4AE135E4}.job
[2010.05.12 12:45:31 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.12 12:45:05 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.05.12 12:39:32 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.12 12:35:58 | 000,002,723 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2010.05.11 21:42:19 | 000,168,448 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.11 19:43:22 | 000,000,811 | ---- | M] () -- C:\Users\***\Desktop\E.M. DVD Copy.lnk
[2010.05.11 19:42:37 | 005,442,405 | ---- | M] (EffectMatrix, Inc. ) -- C:\Users\***\Desktop\dvdcopy.exe
[2010.05.11 18:51:28 | 000,000,163 | ---- | M] () -- C:\Windows\win.ini
[2010.05.09 16:08:28 | 026,024,173 | ---- | M] () -- C:\Users\***\Desktop\tcss-102-ski.rar
[2010.05.09 00:12:14 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.09 00:12:14 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.05.08 23:56:28 | 000,001,756 | ---- | M] () -- C:\Users\***\Desktop\xp-AntiSpy.lnk
[2010.05.08 02:40:52 | 000,001,097 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2010.05.08 02:39:12 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\***\Desktop\spybotsd162.exe
[2010.05.07 16:40:52 | 000,034,632 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2010.05.07 16:34:50 | 000,025,928 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.05.07 16:34:46 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.05.07 16:34:42 | 000,036,168 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2010.05.02 03:15:33 | 000,001,928 | ---- | M] () -- C:\Users\***\Desktop\HijackThis.lnk
[2010.04.29 20:51:41 | 000,000,654 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.04.29 19:11:47 | 000,065,962 | ---- | M] () -- C:\Users\***\Documents\Fuehrungsprozess.lrn
[2010.04.29 19:11:47 | 000,003,562 | ---- | M] () -- C:\Users\***\Documents\Fuehrungsprozess.lrn1
[2010.04.29 19:11:47 | 000,000,298 | ---- | M] () -- C:\Users\***\Documents\Fuehrungsprozess.lrn2
[2010.04.29 19:11:47 | 000,000,050 | ---- | M] () -- C:\Users\***\Documents\Fuehrungsprozess.lrn3
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.27 18:02:08 | 000,000,394 | ---- | M] () -- C:\Users\***\Documents\bla.ser
[2010.04.27 17:30:25 | 000,304,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.04.26 22:32:59 | 000,076,336 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.17 01:14:07 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010.05.12 12:45:31 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.11 19:43:22 | 000,000,811 | ---- | C] () -- C:\Users\***\Desktop\E.M. DVD Copy.lnk
[2010.05.09 16:07:15 | 026,024,173 | ---- | C] () -- C:\Users\***\Desktop\tcss-102-ski.rar
[2010.05.09 00:09:48 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.09 00:09:48 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.05.08 23:56:28 | 000,001,756 | ---- | C] () -- C:\Users\***\Desktop\xp-AntiSpy.lnk
[2010.05.08 02:40:52 | 000,001,097 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2010.05.02 03:15:33 | 000,001,928 | ---- | C] () -- C:\Users\***\Desktop\HijackThis.lnk
[2010.04.29 19:11:47 | 000,065,962 | ---- | C] () -- C:\Users\***\Documents\Fuehrungsprozess.lrn
[2010.04.29 19:11:47 | 000,003,562 | ---- | C] () -- C:\Users\***\Documents\Fuehrungsprozess.lrn1
[2010.04.29 19:11:47 | 000,000,298 | ---- | C] () -- C:\Users\***\Documents\Fuehrungsprozess.lrn2
[2010.04.29 19:11:47 | 000,000,050 | ---- | C] () -- C:\Users\***\Documents\Fuehrungsprozess.lrn3
[2010.01.20 21:51:31 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.12.20 23:39:24 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.09.28 12:32:30 | 000,000,062 | ---- | C] () -- C:\Windows\pcvcdbr.INI
[2009.09.28 12:32:14 | 000,000,000 | ---- | C] () -- C:\Windows\pcvcdvw.INI
[2009.09.27 19:03:19 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.09.27 19:03:18 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.09.27 19:03:16 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.09.27 19:03:16 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.09.27 19:03:15 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.09.27 19:03:15 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009.09.22 18:00:48 | 000,000,247 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009.09.20 14:47:09 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.09.20 14:46:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.20 13:29:13 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009.09.19 23:47:34 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007.10.22 08:53:12 | 000,466,944 | ---- | C] () -- C:\Windows\SysWow64\RemoveDevice.dll
[2007.10.22 08:53:12 | 000,466,944 | ---- | C] () -- C:\Windows\RemoveDevice.dll
< End of report >


-----------------------------------------------------------------


OTL Extras logfile created on: 12.05.2010 23:51:51 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\***\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 16,41 Gb Free Space | 33,61% Space Free | Partition Type: NTFS
Drive D: | 409,12 Gb Total Space | 76,18 Gb Free Space | 18,62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = A8 33 ED 62 ED 39 CA 01 [binary data]
"VistaSp2" = 55 D1 00 16 F4 39 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2378132138-3249781368-3241415355-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F0B7F1-6708-4188-A175-7EC50985848D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29C2FB1A-7D08-4798-AE40-A3E6E63939DF}" = rport=139 | protocol=6 | dir=out | app=system |
"{5072F719-F1D6-4DBA-8460-FAA776799048}" = lport=137 | protocol=17 | dir=in | app=system |
"{509A0258-FFCE-4070-A4FD-3399B270ECA6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{61E16FCC-E5E7-4EC1-A4E8-846F1B38B53A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6AEA2530-C57D-49C1-85DF-4B2E044FE796}" = rport=137 | protocol=17 | dir=out | app=system |
"{6FCE4E7B-B900-477C-9CE2-3F142BF63033}" = lport=445 | protocol=6 | dir=in | app=system |
"{81DA8CAB-166F-419F-ADED-214FA225D22A}" = lport=139 | protocol=6 | dir=in | app=system |
"{881935F0-C509-4376-8C97-20660F74363C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD9EA392-833B-4799-ABEA-6EB23C83D484}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C6EF8E6D-613C-432F-83BC-827E4CB20A5C}" = rport=445 | protocol=6 | dir=out | app=system |
"{D267AC9D-97AA-4A7D-9A6F-F12989319A80}" = rport=138 | protocol=17 | dir=out | app=system |
"{DA6B5185-5275-47B9-B8CA-4040AB8B12B1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DB07EF5A-0CA0-4698-A7DA-3FEB44A78AF1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DD166C65-65C2-4792-BE7D-2888E5CF48C6}" = lport=138 | protocol=17 | dir=in | app=system |
"{DF2ABDE6-3D68-44D1-A811-71F6B9D54488}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F34CD6F9-778A-45B1-B7CE-18266A073195}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F600CDD5-A414-4FCF-BA1B-428C95456951}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010BE00D-773F-4A4B-B39C-7E45DFF06443}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\world in conflict\wic_online.exe |
"{03B8DCA3-D5B5-46AC-AC63-71D301009A59}" = protocol=6 | dir=in | app=d:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{078182A8-5996-44D6-8E9D-77BDBE8277C2}" = protocol=6 | dir=in | app=d:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{16788875-62DE-417B-817B-263555869507}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\world in conflict\wic_online.exe |
"{207F1436-8764-46AE-AB74-9ADEC22E850F}" = protocol=6 | dir=in | app=d:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{219B82B5-9115-4706-888C-1A8ECA464682}" = protocol=17 | dir=in | app=d:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{24ADA0D6-6F8B-404B-A1E2-A98FE24C1E49}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{2B4EFE1D-836A-4362-9BEC-37C4997C0137}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{31B521D0-1D33-4755-BCC4-1CD115AB4B22}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{3D2E221C-7FFB-4D17-8EEC-AE3D32C97EC6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{42F7476A-B454-4715-9080-AB68B7AD7B1F}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{48520C96-2BE9-4CDE-95E1-DF7A7DB38256}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{4C809463-AF66-4C59-898C-6DA8CA49010B}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{527D44C1-3499-4A0E-89EF-EBE49B653850}" = protocol=17 | dir=in | app=d:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{547E65D7-4471-45D4-9D9C-4507354AA4E9}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\world in conflict\wic_ds.exe |
"{55277707-D801-4378-8BFF-C08C6288EE1F}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{5991C5E2-7690-4D32-8E7B-12AFD6CE762D}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{5F6D40FE-F345-4DDB-9D4C-D5A838C13AC3}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{629A2497-ED39-4B2D-A0E7-217B28016E89}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{679BCFF6-428A-4903-9CE0-CA4162592536}" = protocol=17 | dir=in | app=d:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{686E2262-96BC-45C0-967B-7CB5D139A0A3}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{695BBB83-CA8E-459A-BF6E-8A3BBAAD8666}" = protocol=6 | dir=in | app=d:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{6F308CEB-AFBE-401F-917D-9313C99EBFE4}" = protocol=17 | dir=in | app=d:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{6F875C17-AD9F-4235-A3BA-4FD6A7784F48}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{74556E4F-7AAD-40A4-BDFF-686A3F16E09A}" = protocol=6 | dir=in | app=d:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{74F0909E-46E7-4BD8-A39B-EA367630719D}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{7A5A9322-BD3D-4DC6-94FC-A3E33CCF0C54}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{7D94BBC5-01C3-40AF-A44C-46B9488188AD}" = protocol=17 | dir=in | app=d:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{841588B5-D96C-46BA-90CB-3C958ABA3263}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{94B3FB21-43C9-4216-A44F-7A8D3B2C4DB5}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{96507809-C4EC-4D14-99DA-6F685E7ECAAB}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{9670B928-D8A0-4834-B108-48ED3C933774}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{9A118076-3F37-4AFF-8E00-2CD2D44F29E8}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{9C156C95-8897-4000-A470-0E10F4A94329}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9C1982BC-761D-427B-A867-6930AD8CFD6F}" = protocol=17 | dir=in | app=d:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{A241E877-F2D8-4722-B731-EC2E11AED9B3}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{A4D20251-8E2A-4911-823A-F10931FA6578}" = protocol=6 | dir=in | app=d:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{A885635D-553B-4F07-A0F2-7765EF190232}" = protocol=6 | dir=in | app=d:\program files (x86)\rockstar games\eflc\launcheflc.exe |
"{ACFD04C3-FFEE-4EC0-8C08-52187627D2B5}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{AF0BAB61-EADC-4137-A535-BC6996777262}" = protocol=6 | dir=in | app=d:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{B00BC01A-5D8F-4BEB-AFBB-E9202FA7E286}" = protocol=17 | dir=in | app=d:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{B9453679-01D7-41DC-8AF9-72C0F97EEE74}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{BA55A43A-0684-43C0-B7F6-E2A6A27D3B76}" = protocol=17 | dir=in | app=d:\program files (x86)\rockstar games\eflc\launcheflc.exe |
"{BE0B1222-0429-4B35-BD8C-BF78B5E58C1D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C68D413D-EDFB-4B6C-B78C-AEC3569E701F}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{CDBE0309-1520-44EB-8F3E-0917697E15CA}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{CE93080C-7458-4CEC-B493-C5CB429FA995}" = protocol=17 | dir=in | app=d:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{CFB735B8-64A1-4483-AF48-DBDBC2C0E40F}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\world in conflict\wic.exe |
"{D012D685-F9A7-4DF0-AD3E-527B6239565A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D0AC0CFE-E5D5-43A6-AEBA-9C0A61867380}" = protocol=17 | dir=in | app=d:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{D5A064CA-2CAC-43EE-8ACF-C013E7BD218F}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\world in conflict\wic.exe |
"{DE4D6778-CAD3-4530-BD00-F05BFE052A6B}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{E12E3351-1A0C-4394-B780-FB74BDBC9DEC}" = protocol=6 | dir=in | app=d:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{E52EC9A7-58F8-4CBD-A3E5-C129B0D6835A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EFB6EB48-FF91-4D24-9AA5-E2A4AC9E4A5A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{F2684CF7-B798-4FA5-ADE2-507C935005F0}" = protocol=6 | dir=in | app=d:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{F3A1CE84-41D0-40BB-882A-FAA8A11F4DFA}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{F3AC4436-E6F6-49EE-8A1F-AE7E44867E99}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{FBB5D4AE-2721-48EE-B280-32BD07FFC723}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FC1F900E-D631-4813-AABA-D4973857B5EE}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{FDFD707E-5192-4559-85B7-FE6A4154560A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{FE2AEB3E-6484-4D5F-978B-6F0246A42F00}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\world in conflict\wic_ds.exe |
"TCP Query User{04F8FA64-D7FD-4D55-A8F7-D019C7C18539}D:\program files (x86)\icqlite\icqlite.exe" = protocol=6 | dir=in | app=d:\program files (x86)\icqlite\icqlite.exe |
"TCP Query User{1FFF93B7-EFCF-4E03-83E5-349FEF1FB785}D:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\rockstar games\eflc\eflc.exe |
"TCP Query User{765A55D7-0011-49BC-B98A-DE30A57BAB9E}D:\program files (x86)\icqlite\icqlite.exe" = protocol=6 | dir=in | app=d:\program files (x86)\icqlite\icqlite.exe |
"TCP Query User{9BC3D739-32A9-44E2-BC20-DD1602F0AA9E}D:\program files (x86)\steam\steamapps\***\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\***\counter-strike source\hl2.exe |
"TCP Query User{B3EAA192-C181-46D7-8183-9AE364F69C98}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{016B6F56-DD0E-493B-A948-55772ECDFAF4}D:\program files (x86)\steam\steamapps\***\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\***\counter-strike source\hl2.exe |
"UDP Query User{2BEC519C-CBDD-40FA-B4C4-FF959C87BF24}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{8E7D49E8-DA75-486F-9BCF-458B8F5F7E13}D:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\rockstar games\eflc\eflc.exe |
"UDP Query User{9CC5848F-FB20-4CC2-BC33-17DDF56F7F78}D:\program files (x86)\icqlite\icqlite.exe" = protocol=17 | dir=in | app=d:\program files (x86)\icqlite\icqlite.exe |
"UDP Query User{D668247F-E0E7-4B60-B947-E54199030C6A}D:\program files (x86)\icqlite\icqlite.exe" = protocol=17 | dir=in | app=d:\program files (x86)\icqlite\icqlite.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{27B84DEC-78D2-E520-4B4F-DB6CE8CEC318}" = ccc-utility64
"{422691F3-3CFA-6607-06D6-CA579E6B35AD}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{A6265E62-D56F-E3D9-8C7C-BC2E0A6FA1B1}" = ccc-utility64
"{A6F1A083-4B12-47E8-9954-E4820C9A65C2}" = O2Micro Flash Memory Card Reader Driver (x64)
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"ProInst" = Intel PROSet Wireless
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{00D8A43D-4FE6-7AF1-FE10-05B87B07831E}" = CCC Help English
"{043641A4-F4D1-02B6-FFAA-136789EA576A}" = Skins
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{17DB2BEE-2FD6-456F-5E5D-C38DB1ABC8B5}" = ccc-core-static
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.5
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{471D55BB-00D1-F4C9-DDC5-BD8B848E204C}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}" = Kaspersky Anti-Virus 7.0
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8CBD3538-4A61-7040-A989-D5CAEEABB12C}" = Catalyst Control Center Localization All
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90F8E22E-87EE-4EF3-8FBF-1DB88812351D}" = Taktische Zeichen - Military Symbols
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9DB192F7-BABD-9205-4F47-69BFC5CE12AB}" = Catalyst Control Center Graphics Previews Vista
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.02.10
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{D02A3DBC-6A86-2FB3-699F-6F95BD7A811E}" = Catalyst Control Center Graphics Full New
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DF0D3C2E-11B5-7937-7929-06EC35FF760D}" = Catalyst Control Center Core Implementation
"{E303AE56-119E-E516-9C69-960456160E90}" = Catalyst Control Center Graphics Previews Vista
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E81BE8F9-E988-4531-08C5-4D03FE2F774F}" = Catalyst Control Center Graphics Full Existing
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD14A51B-2206-D07A-A610-8EBCA8D611A3}" = Catalyst Control Center Graphics Light
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Company of Heroes" = Company of Heroes
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"E.M. DVD Copy_is1" = E.M. DVD Copy 2.51
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HijackThis" = HijackThis 2.0.2
"ICQLite" = ICQ 5.1
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}" = Kaspersky Anti-Virus 7.0
"Just Cause 2_is1" = Just Cause 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAT-LP 'Der Führungsprozess'" = MAT-LP 'Der Führungsprozess' Version 1.0
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mumble" = Mumble and Murmur
"OpenAL" = OpenAL
"Security Task Manager" = Security Task Manager 1.7h
"Steam App 10500" = Empire: Total War
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.1
"xp-AntiSpy" = xp-AntiSpy 3.97-9

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10.05.2010 12:20:55 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10.05.2010 15:00:46 | Computer Name = ***-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 11.05.2010 05:24:44 | Computer Name = ***-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 11.05.2010 06:14:38 | Computer Name = ***-PC | Source = VMCService | ID = 0
Description = GetProcessOwner

Error - 11.05.2010 11:54:50 | Computer Name = ***-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 11.05.2010 15:52:47 | Computer Name = ***-PC | Source = VMCService | ID = 0
Description = GetProcessOwner

Error - 12.05.2010 06:35:14 | Computer Name = ***-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12.05.2010 07:14:03 | Computer Name = ***-PC | Source = VMCService | ID = 0
Description = GetProcessOwner

Error - 12.05.2010 16:24:44 | Computer Name = ***-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12.05.2010 17:49:27 | Computer Name = ***-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

[ System Events ]
Error - 30.11.2009 15:01:50 | Computer Name = ***-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht vergrößert werden kann.

Error - 30.11.2009 16:41:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 30.11.2009 16:41:54 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03.12.2009 12:47:22 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =

Error - 05.12.2009 20:22:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 08.12.2009 13:48:48 | Computer Name = ***-PC | Source = BROWSER | ID = 8032
Description =

Error - 20.12.2009 19:07:26 | Computer Name = ***-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.

Error - 03.01.2010 18:50:14 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 06.01.2010 13:29:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 06.01.2010 13:48:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >




Can you make anything of this? ^^


Regards x)
Edited by pingiiiSTAR (13.05.2010 at 01:10)

13.05.2010, 15:38   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



The logs look unremarkable. Which process is actually generating the CPU load?
Are all the important drivers installed?