
Pests of all kinds and how to fight them: RAM usage too high

24.05.2010, 21:51   #1
DrRumpus
 



Hello, first a quick rundown of my system:
Windows 7 32-bit, 2 GB RAM, 2.67 GHz Core2Duo, ESET Smart Security 4.

So, I recently got infected with a trojan. Even with Firefox closed, firefox.exe was always visible in Task Manager at about 10 MB and kept restarting whenever I tried to close it. Ever since I was infected, my RAM usage has always been about 500 MB higher than all the processes listed in Task Manager, and everything responded correspondingly slowly. I am sure it has nothing to do with SuperFetch, since it definitely wasn't like this before and SuperFetch releases the memory again when other programs need it.

I looked in Resource Monitor to see which IP the process connects to and found out via a Whois lookup that the connection runs through HEIHACHI in Russia and that it is an iscCP Virtual Hosting System. After I found nothing unusual in the autostart entries in the registry, I let Malwarebytes' Anti-Malware run a scan, which found 6 "Trojan.Agent" hits and successfully fixed them.
After a restart the problem seemed to be fixed. At least firefox.exe was no longer open. Unfortunately, my RAM usage is still about 500 MB too high.

Maybe the trojan injected itself into another process after the restart, or the RAM problem had nothing to do with the trojan in the first place? ESET Smart Security and Malwarebytes' Anti-Malware unfortunately find nothing, and there is nothing conspicuous in HijackThis or ESET's SysInspector snapshot either.

I would appreciate help, advice, ideas, ...

Regards,
DrRumpus.

25.05.2010, 10:06   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Quote:
I let Malwarebytes' Anti-Malware run a scan, which found 6 "Trojan.Agent" hits and successfully fixed them.
Those are meaningless snippets; you have to post the complete log file!

25.05.2010, 10:25   #3
DrRumpus
 



Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4138

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.05.2010 18:44:34
mbam-log-2010-05-24 (18-44-34).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134521
Laufzeit: 6 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{68f45442-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{68f45443-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{68f45444-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{68f45445-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{68f45446-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\Ri.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
         
//Edit: NOD32 has since found something after all:
C:\Users\***\AppData\Local\Temp\KEFUd.exe - a variant of Win32/Injector.AXI trojan - cleaned by deleting - quarantined [1]

RAM usage is still too high :/
Last edited by DrRumpus (25.05.2010 at 10:30)
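
Added example, not part of the original thread: a small Python parser for the Malwarebytes' Anti-Malware log format posted above. It checks that the per-section counts in the summary match the entries actually listed, so a truncated or partially pasted log stands out. The function names and the rule that any action text without "successfully" needs follow-up are assumptions of this example.

```python
import re

# Sample in the format of the Malwarebytes' Anti-Malware 1.46 log posted above
# (German UI). Only three of the seven sections are reproduced here.
SAMPLE_LOG = r"""
Infizierte Registrierungsschlüssel: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{68f45442-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{68f45443-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{68f45444-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{68f45445-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{68f45446-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\Ri.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
"""

NO_FINDINGS = "(Keine bösartigen Objekte gefunden)"
# "Infizierte Dateien: 1"  -> summary line with a count
SUMMARY_RE = re.compile(r"^(Infizierte [^:]+):\s*(\d+)\s*$")
# "Infizierte Dateien:"    -> start of a detail section
HEADER_RE = re.compile(r"^(Infizierte [^:]+):\s*$")
# "<object> (<detection name>) -> <action>"; the object part is greedy so
# paths that themselves contain parentheses still parse.
DETECTION_RE = re.compile(
    r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$"
)


def parse_mbam_log(text):
    """Return (declared counts, listed detections) keyed by section title."""
    counts, found = {}, {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line ends the current section
            continue
        m = SUMMARY_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group(1)
            found.setdefault(section, [])
            continue
        if section is None or line == NO_FINDINGS:
            continue
        m = DETECTION_RE.match(line)
        if m:
            found[section].append(m.groupdict())
    return counts, found


def count_mismatches(counts, found):
    """Sections whose declared count differs from the entries listed."""
    result = {}
    for section, declared in counts.items():
        listed = len(found.get(section, []))
        if declared != listed:
            result[section] = (declared, listed)
    return result


def needs_follow_up(found):
    """Detections whose action text does not report success (assumption)."""
    return [
        d for entries in found.values() for d in entries
        if "successfully" not in d["action"].lower()
    ]


if __name__ == "__main__":
    counts, found = parse_mbam_log(SAMPLE_LOG)
    for section, entries in found.items():
        print(f"{section}: declared {counts.get(section)}, listed {len(entries)}")
    print("mismatches:", count_mismatches(counts, found))
    print("follow-up:", needs_follow_up(found))
```
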

25.05.2010, 10:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please run a full scan with Malwarebytes.

25.05.2010, 13:34   #5
DrRumpus
 



Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4141

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.05.2010 14:32:39
mbam-log-2010-05-25 (14-32-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 412703
Laufzeit: 1 Stunde(n), 24 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         


25.05.2010, 13:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK, no further findings. Please continue with OTL.exe.

25.05.2010, 15:18   #7
DrRumpus
 



OTL Logfile:
Code:
OTL logfile created on: 25.05.2010 15:16:49 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = E:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 14,00% Memory free
4,00 Gb Paging File | 1,00 Gb Available in Paging File | 33,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,19 Gb Total Space | 41,98 Gb Free Space | 35,82% Space Free | Partition Type: NTFS
Drive D: | 115,17 Gb Total Space | 111,52 Gb Free Space | 96,83% Space Free | Partition Type: NTFS
Drive E: | 233,40 Gb Total Space | 144,63 Gb Free Space | 61,97% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 526,10 Gb Free Space | 56,48% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: 
Current User Name: *
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\foobar2000\foobar2000.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Garena\Garena.exe (Garena Online PTE LTD)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Program Files\Warcraft III\war3.exe (Blizzard Entertainment)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe (Dominating Bytes Design)
 
 
========== Modules (SafeList) ==========
 
MOD - E:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PCToolsSSDMonitorSvc) --  File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (O&O Defrag) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (GarenaPEngine) -- C:\Users\9DEC~1\AppData\Local\Temp\VFH5D5B.tmp ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (Epfwndis) -- C:\Windows\System32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Users\*\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries23.gadget\WinRing0.sys (OpenLibSys.org)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (VSPerfDrv100) -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 BA 8B C0 C0 67 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: bnetsquelcher@ylleksazeroth:2.1.6.2
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.0.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {55009080-176f-11da-8cd6-0800200c9a66}:4.2.3
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.4.1
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.3
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100415
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.06 21:09:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.14 14:02:29 | 000,000,000 | ---D | M]
 
[2009.11.18 13:34:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2010.05.24 17:07:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions
[2010.05.10 15:58:45 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009.12.09 17:55:25 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010.02.11 01:00:57 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010.01.27 17:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{33b974a8-e892-4f5f-bd17-f7b0331843d5}
[2010.05.06 21:11:41 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010.03.13 16:32:22 | 000,000,000 | ---D | M] (ImageBot) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
[2009.11.18 14:44:40 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009.11.18 19:39:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.04.16 14:17:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.01 13:02:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.13 11:25:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.01.22 21:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
[2010.03.28 01:25:57 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.01.12 17:23:07 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.04.13 11:25:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.03.30 23:14:35 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.02.18 00:09:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\bnetsquelcher@ylleksazeroth
[2010.04.14 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\cfxe@Triton
[2010.04.14 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\cfxHelper@Triton
[2010.03.06 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\chromifox@altmusictv.com
[2009.11.18 15:45:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\elemhidehelper@adblockplus.org
[2010.05.10 15:58:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\firebug@software.joehewitt.com
[2010.05.01 13:02:52 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\nasanightlaunch@example.com
[2009.11.19 00:48:21 | 000,002,172 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\FireFox\Profiles\xr66378w.default\searchplugins\bing.xml
[2010.05.24 01:14:30 | 000,002,404 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\FireFox\Profiles\xr66378w.default\searchplugins\google-us.xml
[2010.02.06 22:34:15 | 000,001,713 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\FireFox\Profiles\xr66378w.default\searchplugins\youtube-video-search.xml
[2010.05.24 17:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.01.22 19:10:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.22 19:10:33 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.22 19:10:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.22 19:10:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.22 19:10:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.24 17:30:31 | 000,000,589 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\System32\PrxerNsp.dll (Initex Software)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{14c6a3bf-d6bb-11de-935c-001a4d585642}\Shell - "" = AutoRun
O33 - MountPoints2\{14c6a3bf-d6bb-11de-935c-001a4d585642}\Shell\AutoRun\command - "" = I:\irjs3.exe -- File not found
O33 - MountPoints2\{62d4262d-d600-11de-901a-001a4d585642}\Shell - "" = AutoRun
O33 - MountPoints2\{62d4262d-d600-11de-901a-001a4d585642}\Shell\AutoRun\command - "" = H:\irjs3.exe -- File not found
O33 - MountPoints2\{d8b06e21-000d-11df-8da2-001a4d585642}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b06e21-000d-11df-8da2-001a4d585642}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 60 Days ==========
 
[2010.05.24 23:54:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010.05.24 23:53:14 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2010.05.24 23:53:13 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.05.24 23:53:13 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010.05.24 23:53:13 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2010.05.24 23:53:13 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2010.05.24 23:53:13 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010.05.24 23:53:11 | 002,796,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010.05.24 23:53:11 | 002,785,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.05.24 23:53:11 | 001,528,864 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2010.05.24 23:53:11 | 000,338,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2010.05.24 23:53:11 | 000,055,328 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2010.05.24 23:53:09 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2010.05.24 23:53:09 | 000,524,288 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBAPO32.dll
[2010.05.24 23:53:09 | 000,347,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2010.05.24 23:53:09 | 000,306,176 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010.05.24 23:53:09 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010.05.24 23:53:09 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010.05.24 23:53:09 | 000,164,864 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2010.05.24 23:53:09 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2010.05.24 23:53:09 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2010.05.24 23:53:09 | 000,061,952 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBWrp32.dll
[2010.05.24 23:53:09 | 000,059,392 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2010.05.24 23:53:09 | 000,047,104 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBppld32.dll
[2010.05.24 23:53:09 | 000,044,032 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBPPCn32.dll
[2010.05.24 23:53:07 | 000,281,600 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010.05.24 23:52:59 | 000,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2010.05.24 23:52:59 | 000,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2010.05.24 23:52:57 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.05.24 20:59:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\ESET
[2010.05.24 20:59:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\ESET
[2010.05.24 20:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010.05.24 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.05.24 19:24:37 | 000,278,560 | ---- | C] (Realtek                                            ) -- C:\Windows\System32\drivers\Rt86win7.sys
[2010.05.24 19:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010.05.24 18:30:19 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2010.05.24 18:30:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.24 18:30:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.24 18:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.24 18:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.23 20:53:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Metasequoia
[2010.05.23 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\metaseq2410
[2010.05.23 18:23:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\SB3Utility
[2010.05.18 20:12:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\The KMPlayer
[2010.05.13 01:11:34 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\assembly
[2010.05.13 01:11:23 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Deployment
[2010.05.09 22:58:30 | 000,000,000 | ---D | C] -- F:\Dokumente\StarCraft II Beta
[2010.05.09 22:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
[2010.05.09 22:58:30 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Blizzard Entertainment
[2010.05.09 22:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.05.09 22:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.05.07 16:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio
[2010.05.04 16:52:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft Corporation
[2010.05.04 16:40:54 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2010.05.04 16:40:46 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2010.05.04 16:40:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx
[2010.05.04 16:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010.05.04 16:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010.05.04 16:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010.05.04 16:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2010.05.04 16:35:08 | 000,000,000 | ---D | C] -- F:\Dokumente\Visual Studio 2010
[2010.05.04 16:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2010.05.04 16:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2010.05.04 16:23:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2010.05.04 16:22:59 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2010.05.04 16:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2010.05.04 16:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft F#
[2010.05.04 16:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2010.05.04 16:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2010.05.04 16:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2010.05.04 16:09:19 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.05.04 16:09:19 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.05.04 16:09:19 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.05.02 22:49:56 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.05.02 22:49:56 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.05.02 22:49:56 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.05.02 22:49:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.05.02 22:49:56 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.05.02 22:49:55 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.05.02 22:49:55 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010.05.02 22:49:55 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.05.02 22:49:55 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.05.02 22:49:55 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010.05.02 22:49:55 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010.05.02 22:49:55 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.05.02 22:49:55 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010.05.02 22:49:55 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.05.02 22:49:55 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010.05.02 22:49:55 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.05.02 22:49:55 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.05.02 22:49:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010.05.02 22:49:54 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010.05.02 22:49:54 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010.05.02 22:49:52 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010.05.02 22:49:51 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010.05.02 22:49:51 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010.05.02 22:49:51 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.05.02 22:49:51 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.05.02 22:49:51 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010.05.02 22:49:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.05.02 22:49:51 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.05.02 22:49:51 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.05.02 22:49:51 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.05.02 22:49:51 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.05.02 22:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.05.02 22:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010.05.02 22:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010.05.02 22:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010.04.29 12:22:35 | 000,000,000 | ---D | C] -- F:\Dokumente\RAD Studio
[2010.04.27 19:38:30 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.04.27 19:38:30 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.04.26 23:56:58 | 000,000,000 | ---D | C] -- C:\Eclipse
[2010.04.23 01:22:32 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\avidemux
[2010.04.23 01:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5
[2010.04.23 01:16:01 | 000,000,000 | ---D | C] -- C:\Users\*\avidemux
[2010.04.23 01:02:52 | 000,000,000 | ---D | C] -- F:\Dokumente\Xilisoft Corporation
[2010.04.15 21:22:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\IconChanger
[2010.04.15 21:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\IconChanger
[2010.04.15 15:36:05 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010.04.14 15:47:26 | 000,000,000 | ---D | C] -- F:\Dokumente\Navicat
[2010.04.14 14:07:06 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 14:07:06 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 14:07:05 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 14:06:08 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010.04.09 13:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NexusDB3
[2010.04.08 02:44:27 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\DefaultDomain_Path_m1aidbvr33rqpqpkrxxzrlbrqnjp0wt4
[2010.04.07 04:43:20 | 005,430,272 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2010.04.07 04:16:30 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2010.04.07 04:16:20 | 000,489,472 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll
[2010.04.07 04:13:10 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2010.04.07 04:12:38 | 000,372,736 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2010.04.07 04:12:12 | 014,321,664 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll
[2010.04.07 04:12:04 | 000,172,032 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2010.04.07 04:10:48 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2010.04.07 04:10:32 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2010.04.07 04:10:18 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2010.04.07 04:10:10 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2010.04.07 04:10:00 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2010.04.07 03:46:48 | 000,050,176 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2010.04.07 03:40:18 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2010.04.07 03:40:10 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2010.04.07 03:38:12 | 004,018,176 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2010.04.07 03:23:40 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2010.04.07 03:23:32 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2010.04.07 03:23:10 | 000,157,184 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2010.04.07 03:22:44 | 000,028,160 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2010.04.07 03:22:30 | 000,020,480 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll
[2010.04.07 03:22:00 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2010.04.07 03:08:52 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2010.04.07 03:08:52 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2010.04.06 21:23:30 | 000,000,000 | ---D | C] -- F:\Dokumente\My Games
[2010.04.06 21:23:21 | 000,000,000 | ---D | C] -- F:\Dokumente\Sport
[2010.04.06 21:23:21 | 000,000,000 | ---D | C] -- F:\Dokumente\Joiline
[2010.04.06 21:23:21 | 000,000,000 | ---D | C] -- F:\Dokumente\Games
[2010.04.05 23:26:11 | 000,000,000 | ---D | C] -- F:\Dokumente\The KMPlayer
[2010.04.05 18:36:38 | 000,000,000 | ---D | C] -- F:\Dokumente\ICQ
[2010.03.31 13:30:23 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 13:30:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 13:30:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.28 18:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2010.03.27 18:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Minnetonka Audio Software
[2 C:\Users\*\AppData\Roaming\*.tmp files -> C:\Users\*\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2010.05.25 15:20:13 | 012,845,056 | -HS- | M] () -- C:\Users\*\NTUSER.DAT
[2010.05.25 00:03:08 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.25 00:03:08 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.24 23:55:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.24 23:55:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.24 23:55:46 | 1609,420,800 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.24 23:55:46 | 000,102,080 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.05.24 23:54:40 | 000,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010.05.24 23:48:21 | 002,270,875 | -H-- | M] () -- C:\Users\*\AppData\Local\IconCache.db
[2010.05.24 21:30:19 | 000,000,833 | ---- | M] () -- C:\Users\*\SciTE.session
[2010.05.24 20:21:44 | 000,007,605 | ---- | M] () -- C:\Users\*\AppData\Local\resmon.resmoncfg
[2010.05.22 16:41:07 | 000,001,758 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010.05.13 19:18:22 | 002,425,752 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.13 19:18:22 | 000,764,954 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.13 19:18:22 | 000,719,666 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.13 19:18:22 | 000,475,100 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010.05.13 19:18:22 | 000,172,840 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.13 19:18:22 | 000,145,628 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010.05.13 19:18:22 | 000,145,628 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.04 17:55:27 | 000,000,516 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.05.04 16:01:48 | 002,350,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.04 01:48:48 | 000,113,960 | ---- | M] () -- C:\Users\*\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.26 00:45:06 | 000,006,144 | ---- | M] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.09 23:11:55 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2010.04.07 04:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2010.04.07 04:16:34 | 000,038,400 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb
[2010.04.07 04:16:30 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2010.04.07 04:16:20 | 000,489,472 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll
[2010.04.07 04:13:10 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2010.04.07 04:12:38 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
[2010.04.07 04:12:12 | 014,321,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll
[2010.04.07 04:12:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2010.04.07 04:10:48 | 000,159,744 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2010.04.07 04:10:32 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2010.04.07 04:10:18 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2010.04.07 04:10:10 | 000,011,776 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll
[2010.04.07 04:10:00 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2010.04.07 04:06:26 | 003,164,160 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\atidxx32.dll
[2010.04.07 03:46:48 | 000,050,176 | ---- | M] (AMD) -- C:\Windows\System32\coinst.dll
[2010.04.07 03:41:30 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.04.07 03:41:30 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010.04.07 03:40:46 | 003,707,904 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll
[2010.04.07 03:40:18 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2010.04.07 03:40:10 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2010.04.07 03:38:12 | 004,018,176 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2010.04.07 03:23:52 | 000,237,568 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2010.04.07 03:23:40 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2010.04.07 03:23:32 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2010.04.07 03:23:10 | 000,157,184 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2010.04.07 03:22:44 | 000,028,160 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2010.04.07 03:22:30 | 000,020,480 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll
[2010.04.07 03:22:00 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2010.04.07 03:21:08 | 002,983,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll
[2010.04.07 03:20:44 | 000,515,424 | ---- | M] () -- C:\Windows\System32\atiumdva.cap
[2010.04.07 03:08:52 | 000,052,224 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2010.04.07 03:08:52 | 000,052,224 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2010.04.02 18:09:08 | 000,002,023 | ---- | M] () -- C:\Windows\System32\atipblag.dat
[2010.04.01 11:34:28 | 000,020,862 | ---- | M] () -- C:\Windows\atiogl.xml
[2010.03.30 19:46:32 | 000,000,315 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2010.03.28 18:10:44 | 000,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2010.03.28 18:10:44 | 000,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
[2010.03.28 18:10:44 | 000,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2010.03.28 18:10:44 | 000,000,073 | ---- | M] () -- C:\Windows\System32\ssprs.dll
[2010.03.28 18:10:44 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.tgz
[2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.dll
[2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth2.dll
[2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth1.dll
[2 C:\Users\*\AppData\Roaming\*.tmp files -> C:\Users\*\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.24 19:24:37 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.04.07 04:16:34 | 000,038,400 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2010.04.07 03:20:44 | 000,515,424 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2010.04.02 18:09:08 | 000,002,023 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.04.01 11:34:28 | 000,020,862 | ---- | C] () -- C:\Windows\atiogl.xml
[2010.03.30 19:46:32 | 000,000,315 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010.03.27 18:40:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.tgz
[2010.03.27 18:40:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.03.27 18:40:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010.03.27 18:40:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010.03.27 18:40:46 | 000,000,219 | ---- | C] () -- C:\Windows\System32\lsprst7.tgz
[2010.03.27 18:40:46 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.03.27 18:40:46 | 000,000,087 | ---- | C] () -- C:\Windows\System32\ssprs.tgz
[2010.03.27 18:40:46 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010.03.27 18:40:46 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010.03.24 17:39:29 | 000,001,758 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.03.23 15:32:59 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.07 03:29:05 | 001,712,128 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2009.12.30 04:35:56 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009.12.30 04:35:56 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2009.12.30 04:35:56 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.30 04:35:56 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009.12.30 04:35:56 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009.12.30 04:35:56 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009.12.30 04:35:56 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009.12.30 04:35:56 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009.12.30 04:35:56 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009.12.30 04:35:56 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2009.12.30 04:35:56 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009.12.30 04:35:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009.12.30 04:35:56 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009.12.30 04:35:56 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2009.12.30 04:35:56 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009.12.30 04:35:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009.12.30 04:35:56 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009.12.30 04:35:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009.12.30 04:35:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.30 04:35:56 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.11.20 20:05:23 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.17 23:39:31 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009.11.17 23:39:31 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.08.19 23:00:00 | 000,027,136 | ---- | C] () -- C:\Windows\System32\BDSShellRes140.dll
[2009.08.19 23:00:00 | 000,027,136 | ---- | C] () -- C:\Windows\System32\BDSShellRes.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
         

25.05.2010, 16:11   #8
DrRumpus

Memory usage too high



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 25.05.2010 15:16:49 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = E:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 14,00% Memory free
4,00 Gb Paging File | 1,00 Gb Available in Paging File | 33,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,19 Gb Total Space | 41,98 Gb Free Space | 35,82% Space Free | Partition Type: NTFS
Drive D: | 115,17 Gb Total Space | 111,52 Gb Free Space | 96,83% Space Free | Partition Type: NTFS
Drive E: | 233,40 Gb Total Space | 144,63 Gb Free Space | 61,97% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 526,10 Gb Free Space | 56,48% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: 
Current User Name: *
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE ()
.js [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE ()
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{03B0D67B-36C9-C2CD-B63B-7B526138BA52}" = ccc-utility
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04FC2E4C-0E41-9D39-4E58-1EF29D4EF09D}" = ccc-core-static
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0949C078-58B4-CAF1-9A63-A4545145806D}" = Catalyst Control Center Graphics Previews Common
"{094A436C-4F8A-4C62-B832-7E7118DDBF1D}_is1" = Oblivion Running Revised mod 3.5
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.0 Build #1211 Banner Remover 1.0
"{0C6F7EA4-D42E-4281-90E1-369D44FC761A}" = TortoiseSVN 1.6.8.19260 (32 bit)
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0ECED7D8-FF53-4DC9-958E-C2177F528DE4}" = MySQL Server 5.1
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{121EF407-C22A-43A3-BA61-DA735312EEC4}" = GridClicker
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1AFF3E5C-E67C-4D36-8478-8C36491440C2}" = InstallAware 7
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{25D9B5F1-4628-4723-99CF-8BAC31B5F5F5}" = GameTutorials CD v3.8
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 18
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38D9575F-6228-6A54-3A92-D902739B6541}" = Catalyst Control Center InstallProxy
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{573F1931-08F7-9222-704E-841C391794C5}" = ATI Catalyst Install Manager
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.3
"{5E8B45A0-072C-91F7-BC80-29374194B452}" = Catalyst Control Center Graphics Previews Vista
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7BA01D2D-E25C-0C2C-5779-7A8E02A4BE7D}" = Catalyst Control Center Core Implementation
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{815c3f32-3736-4d60-b341-06cd68414be2}" = Nero 9 Trial
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FF4E834-DCAD-29E7-1EE8-9D817A3FA15B}" = CCC Help English
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9516A4F3-A620-4C4B-B17C-750C6B87AF4B}" = ESET Smart Security
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A99C800B-C5F3-48B9-AE2F-A9BE1C553111}" = ILLUSION 勇者からは逃げられない!
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B7F293A4-8666-6410-36F4-E47EB2029CCB}" = AMD Drag and Drop Transcoding
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C03A56EE-2715-5F54-69C4-A1CDB7602354}" = Catalyst Control Center Graphics Full New
"{C307DD64-1C69-8C52-D2C9-02D38995A269}" = Catalyst Control Center HydraVision Full
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C912EFA0-0076-11d5-B04A-BD6C80DF2479}" = IconChanger
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files 
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E3E1398E-8FF2-0154-6D8F-7FC26299EBED}" = Catalyst Control Center Graphics Full Existing
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E966F0CC-76B3-11D3-945B-00C04FB1760A}" = BDE_ENT
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ED6C5ECD-5AA4-4054-BF67-8F49526E5765}" = O&O Defrag Professional
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBEF69BB-829C-8D4D-B299-497147916039}" = Catalyst Control Center Graphics Light
"{FC3DCCA5-52FE-4BAB-B495-F3760767E4D1}" = O&O DiskRecovery
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Artificial Girl 3" = Artificial Girl 3
"AutoItv3" = AutoIt v3.3.6.0
"Avidemux 2.5" = Avidemux 2.5
"AWC" = Advanced WarCraft3 Configurator (remove only)
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"DotAzilla" = DotAzilla
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"foobar2000" = foobar2000 v1.0.3
"Garena" = Garena
"HaaliMkx" = Haali Media Splitter
"Hamachi" = Hamachi 1.0.3.0
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ImTOO Video Editor" = ImTOO Video Editor
"InstallAware 7" = InstallAware 7
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MinGW" = MinGW 5.1.6
"Miranda IM" = Miranda IM 0.8.11
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"No-IP.com DUC" = No-IP.com DUC (remove only)
"Notepad++" = Notepad++
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PowerMPQ" = PowerMPQ 1.3
"PremiumSoft Navicat 8.2 for MySQL_is1" = PremiumSoft Navicat 8.2 for MySQL
"Proxifier_is1" = Proxifier version 2.9
"qt7lite_is1" = QT Lite 3.0.1
"Rave Reports 7.7.0 BE_is1" = Rave Reports 7.7.0 BE
"RealAlt_is1" = Real Alternative 2.0.1 Lite
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Sandboxie" = Sandboxie 3.44
"SciTE4AutoIt3" = SciTE4AutoIt3 2/6/2010
"Shockvoice Client_is1" = Shockvoice Client 0.9.1
"ST6UNST #1" = Hero Editor V1.03
"StarCraft" = StarCraft
"StarCraft II Beta" = StarCraft II Beta
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"Total Video Converter 3.50_is1" = Total Video Converter 3.50
"TrueCrypt" = TrueCrypt
"UltraISO_is1" = UltraISO Premium V9.36
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.14.1.0b
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"XN Resource Editor_is1" = XNResourceEditor 3.0.0.1
"xp-AntiSpy" = xp-AntiSpy 3.97-5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.05.2010 23:25:48 | Computer Name = spliffmaster | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\InstallAware\InstallAware
 7\Plug-Ins\DIFx\Localized\x64\DPInst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.05.2010 10:38:35 | Computer Name = spliffmaster | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3743,
 Zeitstempel: 0x4bb4be02  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x10417c22  ID des fehlerhaften
 Prozesses: 0x2264  Startzeit der fehlerhaften Anwendung: 0x01cafb4ec7bc9858  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 083b9755-6742-11df-ab67-001a4d585642
 
Error - 24.05.2010 13:04:33 | Computer Name = spliffmaster | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bccb3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdadb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00051ffe  ID des fehlerhaften
 Prozesses: 0xac0  Startzeit der fehlerhaften Anwendung: 0x01cafb610c2f7c8b  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 6c448702-6756-11df-b4c6-001a4d585642
 
Error - 24.05.2010 16:20:21 | Computer Name = spliffmaster | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bccb3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdadb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00051ffe  ID des fehlerhaften
 Prozesses: 0xea4  Startzeit der fehlerhaften Anwendung: 0x01cafb7c672ab994  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: c6714d75-6771-11df-acf2-001a4d585642
 
Error - 24.05.2010 17:28:30 | Computer Name = spliffmaster | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TeamSpeak.exe, Version: 2.0.32.60,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdaae  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x00009617  ID des fehlerhaften
 Prozesses: 0x1164  Startzeit der fehlerhaften Anwendung: 0x01cafb86d6b139c5  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 4bdaa136-677b-11df-acf2-001a4d585642
 
Error - 24.05.2010 17:30:06 | Computer Name = spliffmaster | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TeamSpeak.exe, Version: 2.0.32.60,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdadb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046512  ID des fehlerhaften
 Prozesses: 0x1164  Startzeit der fehlerhaften Anwendung: 0x01cafb86d6b139c5  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 8547937b-677b-11df-acf2-001a4d585642
 
Error - 24.05.2010 18:11:56 | Computer Name = spliffmaster | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bccb3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdadb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00051ffe  ID des fehlerhaften
 Prozesses: 0xe18  Startzeit der fehlerhaften Anwendung: 0x01cafb8bf67fddd8  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 5d54742b-6781-11df-b4ce-001a4d585642
 
Error - 25.05.2010 06:16:05 | Computer Name = spliffmaster | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 25.05.2010 06:16:44 | Computer Name = spliffmaster | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\InstallAware\InstallAware
 7\Plug-Ins\DIFx\Localized\ia64\DPInst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.05.2010 06:16:44 | Computer Name = spliffmaster | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\InstallAware\InstallAware
 7\Plug-Ins\DIFx\Localized\x64\DPInst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 21.05.2010 08:48:40 | Computer Name = spliffmaster | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
 
Error - 21.05.2010 08:48:40 | Computer Name = spliffmaster | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
 
Error - 21.05.2010 08:48:40 | Computer Name = spliffmaster | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
 
Error - 21.05.2010 08:50:26 | Computer Name = spliffmaster | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?05.?2010 um 14:47:56 unerwartet heruntergefahren.
 
Error - 21.05.2010 09:06:16 | Computer Name = spliffmaster | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.05.2010 13:04:41 | Computer Name = spliffmaster | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.05.2010 14:10:18 | Computer Name = spliffmaster | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 24.05.2010 14:58:31 | Computer Name = spliffmaster | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 24.05.2010 16:20:22 | Computer Name = spliffmaster | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.05.2010 18:11:58 | Computer Name = spliffmaster | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >
         

Alt 25.05.2010, 20:03   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

You also have to change the obscured user name back into the correct one, otherwise the script will not work!!

Code:
:OTL
DRV - (GarenaPEngine) -- C:\Users\9DEC~1\AppData\Local\Temp\VFH5D5B.tmp ()
O33 - MountPoints2\{14c6a3bf-d6bb-11de-935c-001a4d585642}\Shell - "" = AutoRun
O33 - MountPoints2\{14c6a3bf-d6bb-11de-935c-001a4d585642}\Shell\AutoRun\command - "" = I:\irjs3.exe -- File not found
O33 - MountPoints2\{62d4262d-d600-11de-901a-001a4d585642}\Shell - "" = AutoRun
O33 - MountPoints2\{62d4262d-d600-11de-901a-001a4d585642}\Shell\AutoRun\command - "" = H:\irjs3.exe -- File not found
O33 - MountPoints2\{d8b06e21-000d-11df-8da2-001a4d585642}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b06e21-000d-11df-8da2-001a4d585642}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
[2010.04.08 02:44:27 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\DefaultDomain_Path_m1aidbvr33rqpqpkrxxzrlbrqnjp0wt4
[2010.03.28 18:10:44 | 000,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2010.03.28 18:10:44 | 000,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
[2010.05.23 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\metaseq2410
[2010.03.28 18:10:44 | 000,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2010.03.28 18:10:44 | 000,000,073 | ---- | M] () -- C:\Windows\System32\ssprs.dll
[2010.03.28 18:10:44 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.tgz
[2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.dll
[2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth2.dll
[2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth1.dll
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

Alt 25.05.2010, 20:49   #10
DrRumpus
 



All processes killed
========== OTL ==========
Service GarenaPEngine stopped successfully!
Service GarenaPEngine deleted successfully!
C:\Users\9DEC~1\AppData\Local\Temp\VFH5D5B.tmp moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14c6a3bf-d6bb-11de-935c-001a4d585642}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14c6a3bf-d6bb-11de-935c-001a4d585642}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14c6a3bf-d6bb-11de-935c-001a4d585642}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14c6a3bf-d6bb-11de-935c-001a4d585642}\ not found.
File I:\irjs3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62d4262d-d600-11de-901a-001a4d585642}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62d4262d-d600-11de-901a-001a4d585642}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62d4262d-d600-11de-901a-001a4d585642}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62d4262d-d600-11de-901a-001a4d585642}\ not found.
File H:\irjs3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8b06e21-000d-11df-8da2-001a4d585642}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8b06e21-000d-11df-8da2-001a4d585642}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8b06e21-000d-11df-8da2-001a4d585642}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8b06e21-000d-11df-8da2-001a4d585642}\ not found.
File H:\autorun.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Users\*\AppData\Local\DefaultDomain_Path_m1aidbvr33rqpqpkrxxzrlbrqnjp0wt4\1.0.0.0 folder moved successfully.
C:\Users\*\AppData\Local\DefaultDomain_Path_m1aidbvr33rqpqpkrxxzrlbrqnjp0wt4 folder moved successfully.
C:\Windows\System32\lsprst7.tgz moved successfully.
C:\Windows\System32\lsprst7.dll moved successfully.
C:\Program Files\metaseq2410\Texture folder moved successfully.
C:\Program Files\metaseq2410\Script folder moved successfully.
C:\Program Files\metaseq2410\Plugins\Station folder moved successfully.
C:\Program Files\metaseq2410\Plugins\Select folder moved successfully.
C:\Program Files\metaseq2410\Plugins\Object folder moved successfully.
C:\Program Files\metaseq2410\Plugins\Import folder moved successfully.
C:\Program Files\metaseq2410\Plugins\Export folder moved successfully.
C:\Program Files\metaseq2410\Plugins\Create folder moved successfully.
C:\Program Files\metaseq2410\Plugins\Command folder moved successfully.
C:\Program Files\metaseq2410\Plugins folder moved successfully.
C:\Program Files\metaseq2410\help\python folder moved successfully.
C:\Program Files\metaseq2410\help folder moved successfully.
C:\Program Files\metaseq2410\Data\English folder moved successfully.
C:\Program Files\metaseq2410\Data folder moved successfully.
C:\Program Files\metaseq2410\Bump folder moved successfully.
C:\Program Files\metaseq2410\Alpha folder moved successfully.
C:\Program Files\metaseq2410 folder moved successfully.
C:\Windows\System32\ssprs.tgz moved successfully.
C:\Windows\System32\ssprs.dll moved successfully.
C:\Windows\SurCode.INI moved successfully.
C:\Windows\System32\sysprs7.tgz moved successfully.
C:\Windows\System32\sysprs7.dll moved successfully.
C:\Windows\System32\clauth2.dll moved successfully.
C:\Windows\System32\clauth1.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57482 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: *
->Temp folder emptied: 652397194 bytes
->Temporary Internet Files folder emptied: 381146524 bytes
->Java cache emptied: 27159080 bytes
->FireFox cache emptied: 763132260 bytes
->Flash cache emptied: 2200271 bytes

User: ÿ

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 190474549 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.923,00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05252010_213724

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 25.05.2010, 20:51   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Good, now run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Alt 25.05.2010, 21:50   #12
DrRumpus
 



ComboFix log file:
Code:
ComboFix 10-05-24.07 - * 25.05.2010  22:28:56.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1033.18.2046.870 [GMT 2:00]
ausgeführt von:: E:\cofi.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\*\AppData\Roaming\175532012.tmp
c:\windows\system32\actskin4.ocx

.
(((((((((((((((((((((((   Dateien erstellt von 2010-04-25 bis 2010-05-25  ))))))))))))))))))))))))))))))
.

2010-05-25 20:35 . 2010-05-25 20:35	--------	d-----w-	c:\users\*\AppData\Local\temp
2010-05-25 20:35 . 2010-05-25 20:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-05-25 20:20 . 2010-05-25 20:20	--------	d-----w-	C:\32788R22FWJFW
2010-05-25 20:09 . 2010-05-25 20:09	--------	d-----w-	c:\program files\CCleaner
2010-05-25 19:58 . 2010-05-25 19:58	--------	d-----w-	c:\program files\metaseq2410
2010-05-25 19:09 . 2010-05-25 19:09	--------	d-----w-	c:\users\*\AppData\Local\PreEmptive Solutions
2010-05-25 16:29 . 2009-11-25 21:03	61952	----a-w-	c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\xr66378w.default\extensions\cfxHelper@Triton\components\dwmxpcom.dll
2010-05-24 21:54 . 2010-05-24 21:54	--------	d-----w-	c:\windows\system32\RTCOM
2010-05-24 21:52 . 2009-04-16 08:14	142848	----a-w-	c:\windows\system32\AERTACap.dll
2010-05-24 21:52 . 2009-03-31 12:07	125952	----a-w-	c:\windows\system32\AERTARen.dll
2010-05-24 21:52 . 2009-08-18 15:16	831488	----a-w-	c:\windows\RtlExUpd.dll
2010-05-24 18:59 . 2010-05-24 18:59	--------	d-----w-	c:\users\*\AppData\Local\ESET
2010-05-24 17:24 . 2010-03-22 15:57	278560	----a-w-	c:\windows\system32\drivers\Rt86win7.sys
2010-05-24 17:24 . 2009-12-03 15:27	80416	----a-w-	c:\windows\system32\RtNicProp32.dll
2010-05-24 17:18 . 2010-05-24 17:18	--------	d-----w-	c:\program files\SystemRequirementsLab
2010-05-24 16:30 . 2010-05-24 16:30	--------	d-----w-	c:\users\*\AppData\Roaming\Malwarebytes
2010-05-24 16:30 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-24 16:30 . 2010-05-24 16:30	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-05-24 16:30 . 2010-05-24 16:30	--------	d-----w-	c:\programdata\Malwarebytes
2010-05-24 16:30 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-23 18:53 . 2010-05-23 20:20	--------	d-----w-	c:\users\*\AppData\Roaming\Metasequoia
2010-05-23 16:23 . 2010-05-23 16:37	--------	d-----w-	c:\users\*\AppData\Local\SB3Utility
2010-05-22 09:27 . 2010-05-22 09:27	48388	----a-w-	c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-18 18:12 . 2010-05-18 18:12	--------	d-----w-	c:\windows\system32\The KMPlayer
2010-05-12 23:11 . 2010-05-12 23:11	--------	d-----w-	c:\users\*\AppData\Local\assembly
2010-05-12 23:11 . 2010-05-12 23:11	--------	d-----w-	c:\users\*\AppData\Local\Deployment
2010-05-12 14:32 . 2010-03-04 07:33	740864	----a-w-	c:\windows\system32\inetcomm.dll
2010-05-09 20:58 . 2010-05-22 09:27	--------	d-----w-	c:\programdata\Blizzard Entertainment
2010-05-09 20:58 . 2010-05-22 09:27	--------	d-----w-	c:\program files\StarCraft II Beta
2010-05-09 20:58 . 2010-05-09 21:01	--------	d-----w-	c:\users\*\AppData\Local\Blizzard Entertainment
2010-05-09 20:48 . 2010-05-09 20:48	--------	d-----w-	c:\programdata\Blizzard
2010-05-07 14:14 . 2010-05-07 14:14	--------	d-----w-	c:\programdata\Microsoft Visual Studio
2010-05-04 14:52 . 2010-05-04 14:52	--------	d-----w-	c:\users\*\AppData\Roaming\Microsoft Corporation
2010-05-04 14:40 . 2009-07-23 03:08	50200	----a-w-	c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-05-04 14:40 . 2009-07-23 03:08	79896	----a-w-	c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-05-04 14:40 . 2010-05-04 14:40	--------	d-----w-	c:\windows\system32\RsFx
2010-05-04 14:37 . 2010-05-04 14:40	--------	d-----w-	c:\program files\Microsoft SQL Server
2010-05-04 14:37 . 2010-05-04 14:37	--------	d-----w-	c:\program files\Microsoft Sync Framework
2010-05-04 14:37 . 2010-05-04 14:37	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2010-05-04 14:36 . 2010-05-04 14:36	--------	d-----w-	c:\programdata\PreEmptive Solutions
2010-05-04 14:33 . 2010-05-04 14:33	--------	d-----w-	c:\program files\Microsoft ASP.NET
2010-05-04 14:32 . 2010-05-04 14:32	--------	d-----w-	c:\program files\IIS
2010-05-04 14:32 . 2010-05-04 14:44	2478272	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-05-04 14:23 . 2010-05-04 14:39	--------	d-----w-	c:\windows\system32\1033
2010-05-04 14:22 . 2010-05-04 14:22	--------	d-----w-	c:\windows\symbols
2010-05-04 14:22 . 2010-05-04 14:28	--------	d-----w-	c:\program files\Microsoft F#
2010-05-04 14:22 . 2010-05-04 14:27	--------	d-----w-	c:\program files\Common Files\Merge Modules
2010-05-04 14:22 . 2010-05-04 14:25	--------	d-----w-	c:\program files\HTML Help Workshop
2010-05-04 14:22 . 2010-05-04 14:22	--------	d-----w-	c:\program files\Microsoft Help Viewer
2010-05-04 14:22 . 2010-05-04 14:36	--------	d-----w-	c:\program files\Microsoft Visual Studio 10.0
2010-05-04 14:09 . 2009-11-25 10:47	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-05-04 14:09 . 2009-11-25 10:47	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-05-04 14:09 . 2009-11-25 10:47	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-05-04 14:09 . 2009-11-25 10:47	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-05-04 14:09 . 2009-11-25 10:47	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-05-02 20:25 . 2010-05-02 20:25	--------	d-----w-	c:\programdata\ATI
2010-05-02 20:25 . 2010-05-02 20:25	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2010-05-02 20:25 . 2010-05-02 20:25	--------	d-----w-	c:\program files\ATI
2010-05-02 20:22 . 2010-05-02 20:25	--------	d-----w-	c:\program files\ATI Technologies
2010-04-27 17:39 . 2009-10-10 02:57	12800	----a-w-	c:\windows\system32\drivers\sffp_sd.sys
2010-04-27 17:38 . 2009-12-11 07:44	133720	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2010-04-27 17:38 . 2009-12-11 07:38	1037312	----a-w-	c:\windows\system32\lsasrv.dll
2010-04-27 17:38 . 2009-09-26 05:58	194488	----a-w-	c:\windows\system32\drivers\fvevol.sys
2010-04-26 21:56 . 2010-04-26 21:58	--------	d-----w-	C:\Eclipse

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 19:41 . 2009-11-20 00:06	--------	d-----w-	c:\users\*\AppData\Roaming\ICQ
2010-05-25 18:58 . 2010-02-01 15:51	--------	d-----w-	c:\users\*\AppData\Roaming\foobar2000
2010-05-25 15:06 . 2009-11-18 17:52	--------	d-----w-	c:\program files\Warcraft III
2010-05-25 12:13 . 2009-11-20 00:37	--------	d-----w-	c:\program files\Garena
2010-05-24 21:54 . 2009-11-17 21:38	--------	d--h--w-	c:\program files\Temp
2010-05-24 21:52 . 2009-11-17 20:30	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-05-24 21:23 . 2009-11-18 17:46	--------	d-----w-	c:\users\*\AppData\Roaming\teamspeak2
2010-05-24 17:24 . 2009-11-17 20:30	--------	d-----w-	c:\program files\Realtek
2010-05-24 11:33 . 2010-03-21 17:44	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2010-05-23 12:43 . 2010-03-16 19:53	--------	d-----w-	c:\program files\Diablo II
2010-05-23 05:34 . 2009-12-05 10:58	--------	d-----w-	c:\users\*\AppData\Roaming\mIRC
2010-05-22 19:07 . 2009-11-21 16:12	--------	d-----w-	c:\users\*\AppData\Roaming\codeblocks
2010-05-22 11:10 . 2009-12-05 10:59	--------	d-----w-	c:\program files\mIRC
2010-05-14 16:51 . 2010-01-19 23:28	--------	d-----w-	c:\program files\ICQ7.0
2010-05-14 12:14 . 2009-11-25 16:56	--------	d-----w-	c:\users\*\AppData\Roaming\uTorrent
2010-05-14 01:04 . 2009-12-17 17:05	--------	d-----w-	c:\users\*\AppData\Roaming\Hamachi
2010-05-13 17:18 . 2010-01-13 14:29	475100	----a-w-	c:\windows\system32\perfh011.dat
2010-05-13 17:18 . 2010-01-13 14:29	145628	----a-w-	c:\windows\system32\perfc011.dat
2010-05-13 17:18 . 2009-11-17 18:49	764954	----a-w-	c:\windows\system32\perfh007.dat
2010-05-13 17:18 . 2009-11-17 18:49	172840	----a-w-	c:\windows\system32\perfc007.dat
2010-05-12 18:46 . 2009-11-18 00:44	--------	d-----w-	c:\program files\foobar2000
2010-05-12 14:33 . 2009-07-14 02:37	--------	d-----w-	c:\program files\Windows Mail
2010-05-12 14:33 . 2009-11-21 16:29	--------	d-----w-	c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-11-17 17:11	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-09 21:01 . 2009-11-18 17:32	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2010-05-06 17:19 . 2009-11-21 00:33	--------	d-----w-	c:\program files\JDownloader
2010-05-04 14:39 . 2009-11-21 16:31	--------	d-----w-	c:\program files\Microsoft.NET
2010-05-04 14:37 . 2009-11-21 12:29	--------	d-----w-	c:\program files\Microsoft SDKs
2010-05-04 14:34 . 2009-07-14 04:52	--------	d-----w-	c:\program files\MSBuild
2010-05-04 14:19 . 2009-11-21 12:29	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
2010-05-04 14:01 . 2010-01-25 19:27	--------	dc-h--w-	c:\programdata\~1
2010-05-03 23:48 . 2009-11-17 22:55	113960	----a-w-	c:\users\*\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-03 14:54 . 2009-11-21 12:14	--------	d-----w-	c:\program files\Microsoft Web Designer Tools
2010-05-03 14:32 . 2010-01-20 19:29	--------	dc-h--w-	c:\programdata\{6A883631-DE6E-4096-9348-4D606A536BCB}
2010-05-03 14:28 . 2010-02-09 14:00	--------	dc-h--w-	c:\programdata\{2563F97A-045F-4E4C-9DB1-D5D26C269882}
2010-05-03 14:28 . 2010-01-20 17:48	--------	d-----w-	c:\programdata\Embarcadero
2010-05-03 12:11 . 2009-11-20 19:35	--------	d-----w-	c:\program files\AutoIt3
2010-05-01 23:37 . 2009-11-21 13:28	--------	d-----w-	c:\program files\TortoiseSVN
2010-05-01 23:37 . 2009-11-21 13:28	--------	d-----w-	c:\program files\Common Files\TortoiseOverlays
2010-04-22 23:22 . 2010-04-22 23:22	--------	d-----w-	c:\users\*\AppData\Roaming\avidemux
2010-04-22 23:22 . 2010-04-22 23:22	--------	d-----w-	c:\program files\Avidemux 2.5
2010-04-15 19:24 . 2010-04-15 19:22	--------	d-----w-	c:\users\*\AppData\Roaming\IconChanger
2010-04-15 19:20 . 2010-04-15 19:20	--------	d-----w-	c:\program files\IconChanger
2010-04-12 14:56 . 2009-11-17 23:24	--------	d-----w-	c:\program files\The KMPlayer
2010-04-09 11:31 . 2010-04-09 11:31	--------	d-----w-	c:\programdata\NexusDB3
2010-04-08 22:13 . 2009-11-18 16:37	--------	d-----w-	c:\program files\Notepad++
2010-04-08 18:26 . 2009-11-18 16:37	--------	d-----w-	c:\users\*\AppData\Roaming\Notepad++
2010-04-07 02:43 . 2010-04-07 02:43	5430272	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2010-04-07 02:16 . 2010-04-07 02:16	143360	----a-w-	c:\windows\system32\atiapfxx.exe
2010-04-07 02:16 . 2010-04-07 02:16	489472	----a-w-	c:\windows\system32\aticfx32.dll
2010-04-07 02:13 . 2010-04-07 02:13	446464	----a-w-	c:\windows\system32\ATIDEMGX.dll
2010-04-07 02:12 . 2010-04-07 02:12	372736	----a-w-	c:\windows\system32\atieclxx.exe
2010-04-07 02:12 . 2010-04-07 02:12	14321664	----a-w-	c:\windows\system32\atioglxx.dll
2010-04-07 02:12 . 2010-04-07 02:12	172032	----a-w-	c:\windows\system32\atiesrxx.exe
2010-04-07 02:10 . 2010-04-07 02:10	159744	----a-w-	c:\windows\system32\atitmmxx.dll
2010-04-07 02:10 . 2010-04-07 02:10	356352	----a-w-	c:\windows\system32\atipdlxx.dll
2010-04-07 02:10 . 2010-04-07 02:10	278528	----a-w-	c:\windows\system32\Oemdspif.dll
2010-04-07 02:10 . 2010-04-07 02:10	11776	----a-w-	c:\windows\system32\atimuixx.dll
2010-04-07 02:10 . 2010-04-07 02:10	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2010-04-07 02:06 . 2009-07-13 22:09	3164160	----a-w-	c:\windows\system32\atidxx32.dll
2010-04-07 01:46 . 2010-04-07 01:46	50176	----a-w-	c:\windows\system32\coinst.dll
2010-04-07 01:41 . 2010-02-09 23:05	249856	------w-	c:\windows\Setup1.exe
2010-04-07 01:41 . 2010-02-09 23:05	73216	----a-w-	c:\windows\ST6UNST.EXE
2010-04-07 01:40 . 2009-06-10 21:19	3707904	----a-w-	c:\windows\system32\atiumdag.dll
2010-04-07 01:40 . 2010-04-07 01:40	53248	----a-w-	c:\windows\system32\aticalrt.dll
2010-04-07 01:40 . 2010-04-07 01:40	53248	----a-w-	c:\windows\system32\aticalcl.dll
2010-04-07 01:38 . 2010-04-07 01:38	4018176	----a-w-	c:\windows\system32\aticaldd.dll
2010-04-07 01:23 . 2009-11-04 14:52	237568	----a-w-	c:\windows\system32\atiadlxx.dll
2010-04-07 01:23 . 2010-04-07 01:23	12800	----a-w-	c:\windows\system32\atiglpxx.dll
2010-04-07 01:23 . 2010-04-07 01:23	14848	----a-w-	c:\windows\system32\atigktxx.dll
2010-04-07 01:23 . 2010-04-07 01:23	157184	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2010-04-07 01:22 . 2010-04-07 01:22	28160	----a-w-	c:\windows\system32\atiuxpag.dll
2010-04-07 01:22 . 2010-04-07 01:22	20480	----a-w-	c:\windows\system32\atiu9pag.dll
2010-04-07 01:22 . 2010-04-07 01:22	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:21 . 2009-07-13 22:09	2983936	----a-w-	c:\windows\system32\atiumdva.dll
2010-04-07 01:08 . 2010-04-07 01:08	52224	----a-w-	c:\windows\system32\atimpc32.dll
2010-04-07 01:08 . 2010-04-07 01:08	52224	----a-w-	c:\windows\system32\amdpcom32.dll
2010-04-06 19:00 . 2010-04-06 19:00	335872	----a-r-	c:\users\*\AppData\Roaming\Microsoft\Installer\{FC3DCCA5-52FE-4BAB-B495-F3760767E4D1}\NewShortcut1_1B77C7148529485093387D9DB12862D9.exe
2010-04-06 19:00 . 2010-04-06 19:00	335872	----a-r-	c:\users\*\AppData\Roaming\Microsoft\Installer\{FC3DCCA5-52FE-4BAB-B495-F3760767E4D1}\ARPPRODUCTICON.exe
2010-04-06 19:00 . 2009-11-21 14:41	--------	d-----w-	c:\program files\OO Software
2010-04-02 16:09 . 2010-04-02 16:09	2023	----a-w-	c:\windows\system32\atipblag.dat
2010-03-30 17:46 . 2010-03-30 17:46	315	----a-w-	c:\windows\DIIUnin.dat
2010-03-28 16:23 . 2010-03-28 16:23	--------	d-----w-	c:\program files\ImTOO
2010-03-27 16:40 . 2010-03-27 16:40	--------	d-----w-	c:\programdata\Minnetonka Audio Software
2010-03-23 11:38 . 2010-03-23 11:38	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2010-03-19 12:02 . 2010-03-19 12:02	843864	----a-w-	c:\windows\system32\hha.dll
2010-03-19 03:17 . 2010-03-19 03:17	65872	----a-w-	c:\windows\system32\VSCover100.dll
2010-03-19 03:17 . 2010-03-19 03:17	111440	----a-w-	c:\windows\system32\VSPerf100.dll
2010-03-18 21:21 . 2010-03-18 21:21	269144	----a-w-	c:\windows\system32\vsjitdebugger.exe
2010-03-18 14:47 . 2010-03-18 14:47	17760	----a-w-	c:\windows\system32\aspnet_counters.dll
2010-03-18 11:16 . 2010-03-18 11:16	771424	----a-w-	c:\windows\system32\msvcr100_clr0400.dll
2010-03-17 15:06 . 2010-03-17 15:06	202234	----a-w-	c:\windows\system32\atiicdxx.dat
2010-03-09 10:21 . 2010-03-09 10:21	107024	----a-w-	c:\windows\system32\drivers\AtiHdmi.sys
2010-03-08 21:33 . 2010-04-14 12:07	427520	----a-w-	c:\windows\system32\vbscript.dll
2010-03-02 23:27 . 2010-03-02 23:27	223440	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2010-02-27 12:07 . 2010-04-14 12:07	3954568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-14 12:07	3899280	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-14 12:07	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-14 12:07	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-14 12:07	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-11 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-11-22 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-03 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	OODBS\0\0\0?-\0?u

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^Users^*^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2010-04-29 13:39	1090952	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 13:39	437584	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-02-03 10:40	394984	----a-w-	c:\program files\Sandboxie\SbieCtrl.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-20 722416]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2009-11-22 288112]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\*\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries23.gadget\WinRing0.sys [2010-01-27 14416]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.facebook.com/
TCP: {FCD8B95C-AFAE-4E29-BCE0-04133DF248F6} = 192.168.178.1
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\xr66378w.default\
FF - prefs.js: browser.search.selectedEngine - Google US
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\xr66378w.default\extensions\cfxHelper@Triton\components\dwmxpcom.dll
FF - plugin: c:\browserplusplugins\4e9c035d36d03089a9ac8196be997f39\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Acrobat Reader - c:\users\9DEC~1\AppData\Local\Temp\wmpUI.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:00,d2,fd,b8,b8,86,e2,f4,42,5f,0c,42,23,86,27,20,df,82,2c,49,3d,
   4a,80,f1,e9,85,cf,5d,97,66,a4,5c,a8,4e,c0,11,34,81,62,9e,3d,19,78,a1,05,a5,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:00,d2,fd,b8,b8,86,e2,f4,42,5f,0c,42,23,86,27,20,df,82,2c,49,3d,
   4a,80,f1,e9,85,cf,5d,97,66,a4,5c,a8,4e,c0,11,34,81,62,9e,3d,19,78,a1,05,a5,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-05-25  22:38:56
ComboFix-quarantined-files.txt  2010-05-25 20:38

Vor Suchlauf: 15 Verzeichnis(se), 46.735.646.720 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 46.398.709.760 Bytes frei

- - End Of File - - 4A2B14C47211A6E863A143E90F9B423F
         

26.05.2010, 13:04   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
File::
c:\windows\system32\DRIVERS\eamonm.sys

Folder::
c:\program files\metaseq2410

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

Reglockdel::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

Driver::
eamonm
         
3. Save it in Notepad as CFScript.txt on the desktop.

4. Disable your antivirus program's guard and any software firewall that may be present.
(Also the guards of ad- and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

6. After the reboot (you will be asked whether you want to reboot), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


26.05.2010, 21:50   #14
DrRumpus
 

I backed up my data and reinstalled my PC from scratch, since I couldn't work under those circumstances and it wasn't foreseeable whether the problem could be solved. Thanks anyway for the help so far.
