| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Arbeitsspeicherauslastung zu hochWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.05.2010, 21:51
| #1 |
| |  Arbeitsspeicherauslastung zu hoch Hallo, gleich erstmal kurz mein System: Windows 7 32Bit, 2GB Ram, 2.67 GHz Core2Duo, ESET Smart Security 4. So, ich hatte mich kürzlich mit einem Trojaner infiziert. Trotz geschlossenem Firefox war firefox.exe mit ca. 10MB immer im TaskManager sichtbar und startete sich immer neu, wenn ich versucht hab ihn zu schließen. Seitdem ich infiziert war nahm mein Arbeitsspeicher immer ca. 500MB mehr in Anspruch, als alle im Taskmanager gelisteten Prozesse und alles reagierte entsprechend langsam. Ich bin mir sicher, dass es nichts mit SuperFetch zu tun hat, da es früher defenitiv nicht so war und SuperFetch den Arbeitsspeicher wieder freigibt, wenn ihn andere Programme benötigen. Ich habe im Ressourcenmonitor nachgesehen, zu welcher IP sich der Prozess verbindet und per Whois Lookup rausgefunden, dass die Verbindung über HEIHACHI in Russland läuft und dass es sich um ein iscCP Virtual Hosting System handelt. Nachdem ich in der Registry nichts ungewöhnliches im Autostart gefunden hatte, ließ ich Malwarebytes' Anti Malware mal scannen, der 6 Treffer "Trojan.Agent" fand und diese erfolgreich behob. Neustart und das Problem schien behoben. Zumindest war firefox.exe nicht länger geöffnet. Leider ist mein Arbeitsspeicher aber noch immer ca. 500MB überbeansprucht. Evtl. hat sich der Trojaner nach dem Neustart in einen anderen Prozess injected oder das Problem mit dem Ram hat in erster Linie gar nichts mit dem Trojaner zu tun gehabt ?? Eset Smart Security und Malwarebytes' Anti Malware finden leider nichts und bei HijackThis und ESETs SysInspecter Snapshot gibts auch nichts auffälliges. Würde mich über Hilfe, Ratschläge, Ideen, ... freuen. Gruß, DrRumpus. |
|
25.05.2010, 10:06
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Arbeitsspeicherauslastung zu hoch Hallo und
__________________ Zitat:
__________________ |
|
25.05.2010, 10:25
| #3 |
| | Arbeitsspeicherauslastung zu hochCode:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4138
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
24.05.2010 18:44:34
mbam-log-2010-05-24 (18-44-34).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134521
Laufzeit: 6 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{68f45442-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{68f45443-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{68f45444-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{68f45445-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{68f45446-3569-11d7-90a8-00e0297f0885} (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Windows\System32\Ri.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\KEFUd.exe - a variant of Win32/Injector.AXI trojan - cleaned by deleting - quarantined [1] RAM ist immer noch zu hoch :/ Geändert von DrRumpus (25.05.2010 um 10:30 Uhr) |
|
25.05.2010, 10:34
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Arbeitsspeicherauslastung zu hoch Mach bitte mal einen Vollscan mit Malwarebytes.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.05.2010, 13:34
| #5 |
| | Arbeitsspeicherauslastung zu hochCode:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4141
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
25.05.2010 14:32:39
mbam-log-2010-05-25 (14-32-39).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 412703
Laufzeit: 1 Stunde(n), 24 Minute(n), 25 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
25.05.2010, 15:18
| #7 |
| | Arbeitsspeicherauslastung zu hoch OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.05.2010 15:16:49 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = E:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 14,00% Memory free 4,00 Gb Paging File | 1,00 Gb Available in Paging File | 33,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 117,19 Gb Total Space | 41,98 Gb Free Space | 35,82% Space Free | Partition Type: NTFS Drive D: | 115,17 Gb Total Space | 111,52 Gb Free Space | 96,83% Space Free | Partition Type: NTFS Drive E: | 233,40 Gb Total Space | 144,63 Gb Free Space | 61,97% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 526,10 Gb Free Space | 56,48% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: Current User Name: * Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 60 Days Output = Minimal ========== Processes (SafeList) ========== PRC - E:\OTL.exe (OldTimer Tools) PRC - C:\Program Files\foobar2000\foobar2000.exe () PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Garena\Garena.exe (Garena Online PTE LTD) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) PRC - C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr) PRC - C:\Program Files\Warcraft III\war3.exe (Blizzard Entertainment) PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.) PRC - C:\Program Files\Sandboxie\SbieSvc.exe (tzuk) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH) PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe (Dominating Bytes Design) ========== Modules (SafeList) ========== MOD - E:\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (PCToolsSSDMonitorSvc) -- File not found SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET) SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk) SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (O&O Defrag) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (GarenaPEngine) -- C:\Users\9DEC~1\AppData\Local\Temp\VFH5D5B.tmp () DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET) DRV - (Epfwndis) -- C:\Windows\System32\drivers\epfwndis.sys (ESET) DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET) DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET) DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek ) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk) DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.) DRV - (WinRing0_1_2_0) -- C:\Users\*\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries23.gadget\WinRing0.sys (OpenLibSys.org) DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (VSPerfDrv100) -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation) DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 BA 8B C0 C0 67 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6 FF - prefs.js..extensions.enabledItems: bnetsquelcher@ylleksazeroth:2.1.6.2 FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.0.3 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5 FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4 FF - prefs.js..extensions.enabledItems: {55009080-176f-11da-8cd6-0800200c9a66}:4.2.3 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.2 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.4.1 FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5 FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.3 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100415 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.06 21:09:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.14 14:02:29 | 000,000,000 | ---D | M] [2009.11.18 13:34:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Extensions [2010.05.24 17:07:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions [2010.05.10 15:58:45 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2009.12.09 17:55:25 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} [2010.02.11 01:00:57 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2010.01.27 17:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{33b974a8-e892-4f5f-bd17-f7b0331843d5} [2010.05.06 21:11:41 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66} [2010.03.13 16:32:22 | 000,000,000 | ---D | M] (ImageBot) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{55009080-176f-11da-8cd6-0800200c9a66} [2009.11.18 14:44:40 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2009.11.18 19:39:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.04.16 14:17:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.05.01 13:02:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.13 11:25:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.01.22 21:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{d596c130-b00a-11db-abbd-0800200c9a66} [2010.03.28 01:25:57 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.01.12 17:23:07 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8} [2010.04.13 11:25:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.03.30 23:14:35 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2010.02.18 00:09:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\bnetsquelcher@ylleksazeroth [2010.04.14 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\cfxe@Triton [2010.04.14 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\cfxHelper@Triton [2010.03.06 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\chromifox@altmusictv.com [2009.11.18 15:45:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\elemhidehelper@adblockplus.org [2010.05.10 15:58:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\firebug@software.joehewitt.com [2010.05.01 13:02:52 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\xr66378w.default\extensions\nasanightlaunch@example.com [2009.11.19 00:48:21 | 000,002,172 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\FireFox\Profiles\xr66378w.default\searchplugins\bing.xml [2010.05.24 01:14:30 | 000,002,404 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\FireFox\Profiles\xr66378w.default\searchplugins\google-us.xml [2010.02.06 22:34:15 | 000,001,713 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\FireFox\Profiles\xr66378w.default\searchplugins\youtube-video-search.xml [2010.05.24 17:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2010.01.22 19:10:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.22 19:10:33 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.22 19:10:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.22 19:10:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.22 19:10:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.24 17:30:31 | 000,000,589 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\System32\PrxerNsp.dll (Initex Software) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{14c6a3bf-d6bb-11de-935c-001a4d585642}\Shell - "" = AutoRun O33 - MountPoints2\{14c6a3bf-d6bb-11de-935c-001a4d585642}\Shell\AutoRun\command - "" = I:\irjs3.exe -- File not found O33 - MountPoints2\{62d4262d-d600-11de-901a-001a4d585642}\Shell - "" = AutoRun O33 - MountPoints2\{62d4262d-d600-11de-901a-001a4d585642}\Shell\AutoRun\command - "" = H:\irjs3.exe -- File not found O33 - MountPoints2\{d8b06e21-000d-11df-8da2-001a4d585642}\Shell - "" = AutoRun O33 - MountPoints2\{d8b06e21-000d-11df-8da2-001a4d585642}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 60 Days ========== [2010.05.24 23:54:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2010.05.24 23:53:14 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll [2010.05.24 23:53:13 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl [2010.05.24 23:53:13 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2010.05.24 23:53:13 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll [2010.05.24 23:53:13 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2010.05.24 23:53:13 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2010.05.24 23:53:11 | 002,796,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll [2010.05.24 23:53:11 | 002,785,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys [2010.05.24 23:53:11 | 001,528,864 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll [2010.05.24 23:53:11 | 000,338,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll [2010.05.24 23:53:11 | 000,055,328 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll [2010.05.24 23:53:09 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2010.05.24 23:53:09 | 000,524,288 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBAPO32.dll [2010.05.24 23:53:09 | 000,347,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2010.05.24 23:53:09 | 000,306,176 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2010.05.24 23:53:09 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2010.05.24 23:53:09 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2010.05.24 23:53:09 | 000,164,864 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2010.05.24 23:53:09 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll [2010.05.24 23:53:09 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2010.05.24 23:53:09 | 000,061,952 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBWrp32.dll [2010.05.24 23:53:09 | 000,059,392 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll [2010.05.24 23:53:09 | 000,047,104 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBppld32.dll [2010.05.24 23:53:09 | 000,044,032 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBPPCn32.dll [2010.05.24 23:53:07 | 000,281,600 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2010.05.24 23:52:59 | 000,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll [2010.05.24 23:52:59 | 000,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll [2010.05.24 23:52:57 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2010.05.24 20:59:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\ESET [2010.05.24 20:59:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\ESET [2010.05.24 20:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2010.05.24 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010.05.24 19:24:37 | 000,278,560 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rt86win7.sys [2010.05.24 19:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab [2010.05.24 18:30:19 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes [2010.05.24 18:30:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.24 18:30:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.24 18:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.05.24 18:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.23 20:53:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Metasequoia [2010.05.23 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\metaseq2410 [2010.05.23 18:23:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\SB3Utility [2010.05.18 20:12:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\The KMPlayer [2010.05.13 01:11:34 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\assembly [2010.05.13 01:11:23 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Deployment [2010.05.09 22:58:30 | 000,000,000 | ---D | C] -- F:\Dokumente\StarCraft II Beta [2010.05.09 22:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta [2010.05.09 22:58:30 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Blizzard Entertainment [2010.05.09 22:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2010.05.09 22:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard [2010.05.07 16:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio [2010.05.04 16:52:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft Corporation [2010.05.04 16:40:54 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll [2010.05.04 16:40:46 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll [2010.05.04 16:40:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx [2010.05.04 16:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2010.05.04 16:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework [2010.05.04 16:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2010.05.04 16:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions [2010.05.04 16:35:08 | 000,000,000 | ---D | C] -- F:\Dokumente\Visual Studio 2010 [2010.05.04 16:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET [2010.05.04 16:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\IIS [2010.05.04 16:23:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033 [2010.05.04 16:22:59 | 000,000,000 | ---D | C] -- C:\Windows\symbols [2010.05.04 16:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer [2010.05.04 16:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft F# [2010.05.04 16:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules [2010.05.04 16:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop [2010.05.04 16:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0 [2010.05.04 16:09:19 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.05.04 16:09:19 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.05.04 16:09:19 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.05.02 22:49:56 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll [2010.05.02 22:49:56 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2010.05.02 22:49:56 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll [2010.05.02 22:49:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2010.05.02 22:49:56 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2010.05.02 22:49:55 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll [2010.05.02 22:49:55 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2010.05.02 22:49:55 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2010.05.02 22:49:55 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010.05.02 22:49:55 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2010.05.02 22:49:55 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2010.05.02 22:49:55 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2010.05.02 22:49:55 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2010.05.02 22:49:55 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2010.05.02 22:49:55 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2010.05.02 22:49:55 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2010.05.02 22:49:55 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2010.05.02 22:49:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2010.05.02 22:49:54 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2010.05.02 22:49:54 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2010.05.02 22:49:52 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2010.05.02 22:49:51 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2010.05.02 22:49:51 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2010.05.02 22:49:51 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2010.05.02 22:49:51 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2010.05.02 22:49:51 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2010.05.02 22:49:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2010.05.02 22:49:51 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2010.05.02 22:49:51 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2010.05.02 22:49:51 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2010.05.02 22:49:51 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2010.05.02 22:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.05.02 22:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2010.05.02 22:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2010.05.02 22:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2010.04.29 12:22:35 | 000,000,000 | ---D | C] -- F:\Dokumente\RAD Studio [2010.04.27 19:38:30 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2010.04.27 19:38:30 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys [2010.04.26 23:56:58 | 000,000,000 | ---D | C] -- C:\Eclipse [2010.04.23 01:22:32 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\avidemux [2010.04.23 01:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5 [2010.04.23 01:16:01 | 000,000,000 | ---D | C] -- C:\Users\*\avidemux [2010.04.23 01:02:52 | 000,000,000 | ---D | C] -- F:\Dokumente\Xilisoft Corporation [2010.04.15 21:22:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\IconChanger [2010.04.15 21:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\IconChanger [2010.04.15 15:36:05 | 000,000,000 | -H-D | C] -- C:\Windows\PIF [2010.04.14 15:47:26 | 000,000,000 | ---D | C] -- F:\Dokumente\Navicat [2010.04.14 14:07:06 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.14 14:07:06 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.14 14:07:05 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.14 14:06:08 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll [2010.04.09 13:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NexusDB3 [2010.04.08 02:44:27 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\DefaultDomain_Path_m1aidbvr33rqpqpkrxxzrlbrqnjp0wt4 [2010.04.07 04:43:20 | 005,430,272 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys [2010.04.07 04:16:30 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe [2010.04.07 04:16:20 | 000,489,472 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll [2010.04.07 04:13:10 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll [2010.04.07 04:12:38 | 000,372,736 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe [2010.04.07 04:12:12 | 014,321,664 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll [2010.04.07 04:12:04 | 000,172,032 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe [2010.04.07 04:10:48 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll [2010.04.07 04:10:32 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll [2010.04.07 04:10:18 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll [2010.04.07 04:10:10 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll [2010.04.07 04:10:00 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll [2010.04.07 03:46:48 | 000,050,176 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll [2010.04.07 03:40:18 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll [2010.04.07 03:40:10 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll [2010.04.07 03:38:12 | 004,018,176 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll [2010.04.07 03:23:40 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll [2010.04.07 03:23:32 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll [2010.04.07 03:23:10 | 000,157,184 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys [2010.04.07 03:22:44 | 000,028,160 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll [2010.04.07 03:22:30 | 000,020,480 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll [2010.04.07 03:22:00 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll [2010.04.07 03:08:52 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll [2010.04.07 03:08:52 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll [2010.04.06 21:23:30 | 000,000,000 | ---D | C] -- F:\Dokumente\My Games [2010.04.06 21:23:21 | 000,000,000 | ---D | C] -- F:\Dokumente\Sport [2010.04.06 21:23:21 | 000,000,000 | ---D | C] -- F:\Dokumente\Joiline [2010.04.06 21:23:21 | 000,000,000 | ---D | C] -- F:\Dokumente\Games [2010.04.05 23:26:11 | 000,000,000 | ---D | C] -- F:\Dokumente\The KMPlayer [2010.04.05 18:36:38 | 000,000,000 | ---D | C] -- F:\Dokumente\ICQ [2010.03.31 13:30:23 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.03.31 13:30:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.03.31 13:30:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.03.28 18:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO [2010.03.27 18:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Minnetonka Audio Software [2 C:\Users\*\AppData\Roaming\*.tmp files -> C:\Users\*\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 60 Days ========== [2010.05.25 15:20:13 | 012,845,056 | -HS- | M] () -- C:\Users\*\NTUSER.DAT [2010.05.25 00:03:08 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.25 00:03:08 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.24 23:55:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.24 23:55:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.24 23:55:46 | 1609,420,800 | -HS- | M] () -- C:\hiberfil.sys [2010.05.24 23:55:46 | 000,102,080 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2010.05.24 23:54:40 | 000,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc [2010.05.24 23:48:21 | 002,270,875 | -H-- | M] () -- C:\Users\*\AppData\Local\IconCache.db [2010.05.24 21:30:19 | 000,000,833 | ---- | M] () -- C:\Users\*\SciTE.session [2010.05.24 20:21:44 | 000,007,605 | ---- | M] () -- C:\Users\*\AppData\Local\resmon.resmoncfg [2010.05.22 16:41:07 | 000,001,758 | ---- | M] () -- C:\Windows\Sandboxie.ini [2010.05.13 19:18:22 | 002,425,752 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.13 19:18:22 | 000,764,954 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.13 19:18:22 | 000,719,666 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.13 19:18:22 | 000,475,100 | ---- | M] () -- C:\Windows\System32\perfh011.dat [2010.05.13 19:18:22 | 000,172,840 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.13 19:18:22 | 000,145,628 | ---- | M] () -- C:\Windows\System32\perfc011.dat [2010.05.13 19:18:22 | 000,145,628 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.04 17:55:27 | 000,000,516 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010.05.04 16:01:48 | 002,350,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.04 01:48:48 | 000,113,960 | ---- | M] () -- C:\Users\*\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.26 00:45:06 | 000,006,144 | ---- | M] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.09 23:11:55 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini [2010.04.07 04:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys [2010.04.07 04:16:34 | 000,038,400 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb [2010.04.07 04:16:30 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe [2010.04.07 04:16:20 | 000,489,472 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll [2010.04.07 04:13:10 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll [2010.04.07 04:12:38 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe [2010.04.07 04:12:12 | 014,321,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll [2010.04.07 04:12:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe [2010.04.07 04:10:48 | 000,159,744 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll [2010.04.07 04:10:32 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll [2010.04.07 04:10:18 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll [2010.04.07 04:10:10 | 000,011,776 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll [2010.04.07 04:10:00 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll [2010.04.07 04:06:26 | 003,164,160 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\atidxx32.dll [2010.04.07 03:46:48 | 000,050,176 | ---- | M] (AMD) -- C:\Windows\System32\coinst.dll [2010.04.07 03:41:30 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe [2010.04.07 03:41:30 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE [2010.04.07 03:40:46 | 003,707,904 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll [2010.04.07 03:40:18 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll [2010.04.07 03:40:10 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll [2010.04.07 03:38:12 | 004,018,176 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll [2010.04.07 03:23:52 | 000,237,568 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll [2010.04.07 03:23:40 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll [2010.04.07 03:23:32 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll [2010.04.07 03:23:10 | 000,157,184 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys [2010.04.07 03:22:44 | 000,028,160 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll [2010.04.07 03:22:30 | 000,020,480 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll [2010.04.07 03:22:00 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll [2010.04.07 03:21:08 | 002,983,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll [2010.04.07 03:20:44 | 000,515,424 | ---- | M] () -- C:\Windows\System32\atiumdva.cap [2010.04.07 03:08:52 | 000,052,224 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll [2010.04.07 03:08:52 | 000,052,224 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll [2010.04.02 18:09:08 | 000,002,023 | ---- | M] () -- C:\Windows\System32\atipblag.dat [2010.04.01 11:34:28 | 000,020,862 | ---- | M] () -- C:\Windows\atiogl.xml [2010.03.30 19:46:32 | 000,000,315 | ---- | M] () -- C:\Windows\DIIUnin.dat [2010.03.28 18:10:44 | 000,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz [2010.03.28 18:10:44 | 000,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll [2010.03.28 18:10:44 | 000,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz [2010.03.28 18:10:44 | 000,000,073 | ---- | M] () -- C:\Windows\System32\ssprs.dll [2010.03.28 18:10:44 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI [2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.tgz [2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.dll [2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth2.dll [2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth1.dll [2 C:\Users\*\AppData\Roaming\*.tmp files -> C:\Users\*\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.24 19:24:37 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.04.07 04:16:34 | 000,038,400 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb [2010.04.07 03:20:44 | 000,515,424 | ---- | C] () -- C:\Windows\System32\atiumdva.cap [2010.04.02 18:09:08 | 000,002,023 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.04.01 11:34:28 | 000,020,862 | ---- | C] () -- C:\Windows\atiogl.xml [2010.03.30 19:46:32 | 000,000,315 | ---- | C] () -- C:\Windows\DIIUnin.dat [2010.03.27 18:40:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.tgz [2010.03.27 18:40:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010.03.27 18:40:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2010.03.27 18:40:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2010.03.27 18:40:46 | 000,000,219 | ---- | C] () -- C:\Windows\System32\lsprst7.tgz [2010.03.27 18:40:46 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010.03.27 18:40:46 | 000,000,087 | ---- | C] () -- C:\Windows\System32\ssprs.tgz [2010.03.27 18:40:46 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2010.03.27 18:40:46 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2010.03.24 17:39:29 | 000,001,758 | ---- | C] () -- C:\Windows\Sandboxie.ini [2010.03.23 15:32:59 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.02.07 03:29:05 | 001,712,128 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll [2009.12.30 04:35:56 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2009.12.30 04:35:56 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll [2009.12.30 04:35:56 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.12.30 04:35:56 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2009.12.30 04:35:56 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2009.12.30 04:35:56 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2009.12.30 04:35:56 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll [2009.12.30 04:35:56 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2009.12.30 04:35:56 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2009.12.30 04:35:56 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll [2009.12.30 04:35:56 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2009.12.30 04:35:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2009.12.30 04:35:56 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2009.12.30 04:35:56 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll [2009.12.30 04:35:56 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2009.12.30 04:35:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2009.12.30 04:35:56 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2009.12.30 04:35:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2009.12.30 04:35:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.12.30 04:35:56 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009.11.20 20:05:23 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.11.17 23:39:31 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2009.11.17 23:39:31 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.08.19 23:00:00 | 000,027,136 | ---- | C] () -- C:\Windows\System32\BDSShellRes140.dll [2009.08.19 23:00:00 | 000,027,136 | ---- | C] () -- C:\Windows\System32\BDSShellRes.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > |
|
25.05.2010, 16:11
| #8 |
| | Arbeitsspeicherauslastung zu hoch OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.05.2010 15:16:49 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = E:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 14,00% Memory free
4,00 Gb Paging File | 1,00 Gb Available in Paging File | 33,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,19 Gb Total Space | 41,98 Gb Free Space | 35,82% Space Free | Partition Type: NTFS
Drive D: | 115,17 Gb Total Space | 111,52 Gb Free Space | 96,83% Space Free | Partition Type: NTFS
Drive E: | 233,40 Gb Total Space | 144,63 Gb Free Space | 61,97% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 526,10 Gb Free Space | 56,48% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name:
Current User Name: *
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE ()
.js [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE ()
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{03B0D67B-36C9-C2CD-B63B-7B526138BA52}" = ccc-utility
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04FC2E4C-0E41-9D39-4E58-1EF29D4EF09D}" = ccc-core-static
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0949C078-58B4-CAF1-9A63-A4545145806D}" = Catalyst Control Center Graphics Previews Common
"{094A436C-4F8A-4C62-B832-7E7118DDBF1D}_is1" = Oblivion Running Revised mod 3.5
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.0 Build #1211 Banner Remover 1.0
"{0C6F7EA4-D42E-4281-90E1-369D44FC761A}" = TortoiseSVN 1.6.8.19260 (32 bit)
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0ECED7D8-FF53-4DC9-958E-C2177F528DE4}" = MySQL Server 5.1
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{121EF407-C22A-43A3-BA61-DA735312EEC4}" = GridClicker
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1AFF3E5C-E67C-4D36-8478-8C36491440C2}" = InstallAware 7
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{25D9B5F1-4628-4723-99CF-8BAC31B5F5F5}" = GameTutorials CD v3.8
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 18
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38D9575F-6228-6A54-3A92-D902739B6541}" = Catalyst Control Center InstallProxy
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{573F1931-08F7-9222-704E-841C391794C5}" = ATI Catalyst Install Manager
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.3
"{5E8B45A0-072C-91F7-BC80-29374194B452}" = Catalyst Control Center Graphics Previews Vista
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7BA01D2D-E25C-0C2C-5779-7A8E02A4BE7D}" = Catalyst Control Center Core Implementation
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{815c3f32-3736-4d60-b341-06cd68414be2}" = Nero 9 Trial
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FF4E834-DCAD-29E7-1EE8-9D817A3FA15B}" = CCC Help English
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9516A4F3-A620-4C4B-B17C-750C6B87AF4B}" = ESET Smart Security
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A99C800B-C5F3-48B9-AE2F-A9BE1C553111}" = ILLUSION 勇者からは逃げられない!
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B7F293A4-8666-6410-36F4-E47EB2029CCB}" = AMD Drag and Drop Transcoding
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C03A56EE-2715-5F54-69C4-A1CDB7602354}" = Catalyst Control Center Graphics Full New
"{C307DD64-1C69-8C52-D2C9-02D38995A269}" = Catalyst Control Center HydraVision Full
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C912EFA0-0076-11d5-B04A-BD6C80DF2479}" = IconChanger
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E3E1398E-8FF2-0154-6D8F-7FC26299EBED}" = Catalyst Control Center Graphics Full Existing
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E966F0CC-76B3-11D3-945B-00C04FB1760A}" = BDE_ENT
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ED6C5ECD-5AA4-4054-BF67-8F49526E5765}" = O&O Defrag Professional
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBEF69BB-829C-8D4D-B299-497147916039}" = Catalyst Control Center Graphics Light
"{FC3DCCA5-52FE-4BAB-B495-F3760767E4D1}" = O&O DiskRecovery
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Artificial Girl 3" = Artificial Girl 3
"AutoItv3" = AutoIt v3.3.6.0
"Avidemux 2.5" = Avidemux 2.5
"AWC" = Advanced WarCraft3 Configurator (remove only)
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"DotAzilla" = DotAzilla
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"foobar2000" = foobar2000 v1.0.3
"Garena" = Garena
"HaaliMkx" = Haali Media Splitter
"Hamachi" = Hamachi 1.0.3.0
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ImTOO Video Editor" = ImTOO Video Editor
"InstallAware 7" = InstallAware 7
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MinGW" = MinGW 5.1.6
"Miranda IM" = Miranda IM 0.8.11
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"No-IP.com DUC" = No-IP.com DUC (remove only)
"Notepad++" = Notepad++
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PowerMPQ" = PowerMPQ 1.3
"PremiumSoft Navicat 8.2 for MySQL_is1" = PremiumSoft Navicat 8.2 for MySQL
"Proxifier_is1" = Proxifier version 2.9
"qt7lite_is1" = QT Lite 3.0.1
"Rave Reports 7.7.0 BE_is1" = Rave Reports 7.7.0 BE
"RealAlt_is1" = Real Alternative 2.0.1 Lite
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Sandboxie" = Sandboxie 3.44
"SciTE4AutoIt3" = SciTE4AutoIt3 2/6/2010
"Shockvoice Client_is1" = Shockvoice Client 0.9.1
"ST6UNST #1" = Hero Editor V1.03
"StarCraft" = StarCraft
"StarCraft II Beta" = StarCraft II Beta
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"Total Video Converter 3.50_is1" = Total Video Converter 3.50
"TrueCrypt" = TrueCrypt
"UltraISO_is1" = UltraISO Premium V9.36
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.14.1.0b
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"XN Resource Editor_is1" = XNResourceEditor 3.0.0.1
"xp-AntiSpy" = xp-AntiSpy 3.97-5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.05.2010 23:25:48 | Computer Name = spliffmaster | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\InstallAware\InstallAware
7\Plug-Ins\DIFx\Localized\x64\DPInst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 24.05.2010 10:38:35 | Computer Name = spliffmaster | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3743,
Zeitstempel: 0x4bb4be02 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x10417c22 ID des fehlerhaften
Prozesses: 0x2264 Startzeit der fehlerhaften Anwendung: 0x01cafb4ec7bc9858 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 083b9755-6742-11df-ab67-001a4d585642
Error - 24.05.2010 13:04:33 | Computer Name = spliffmaster | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bccb3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051ffe ID des fehlerhaften
Prozesses: 0xac0 Startzeit der fehlerhaften Anwendung: 0x01cafb610c2f7c8b Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 6c448702-6756-11df-b4c6-001a4d585642
Error - 24.05.2010 16:20:21 | Computer Name = spliffmaster | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bccb3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051ffe ID des fehlerhaften
Prozesses: 0xea4 Startzeit der fehlerhaften Anwendung: 0x01cafb7c672ab994 Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c6714d75-6771-11df-acf2-001a4d585642
Error - 24.05.2010 17:28:30 | Computer Name = spliffmaster | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TeamSpeak.exe, Version: 2.0.32.60,
Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaae Ausnahmecode: 0x0eedfade Fehleroffset: 0x00009617 ID des fehlerhaften
Prozesses: 0x1164 Startzeit der fehlerhaften Anwendung: 0x01cafb86d6b139c5 Pfad der
fehlerhaften Anwendung: C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 4bdaa136-677b-11df-acf2-001a4d585642
Error - 24.05.2010 17:30:06 | Computer Name = spliffmaster | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TeamSpeak.exe, Version: 2.0.32.60,
Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00046512 ID des fehlerhaften
Prozesses: 0x1164 Startzeit der fehlerhaften Anwendung: 0x01cafb86d6b139c5 Pfad der
fehlerhaften Anwendung: C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 8547937b-677b-11df-acf2-001a4d585642
Error - 24.05.2010 18:11:56 | Computer Name = spliffmaster | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bccb3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051ffe ID des fehlerhaften
Prozesses: 0xe18 Startzeit der fehlerhaften Anwendung: 0x01cafb8bf67fddd8 Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 5d54742b-6781-11df-b4ce-001a4d585642
Error - 25.05.2010 06:16:05 | Computer Name = spliffmaster | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 25.05.2010 06:16:44 | Computer Name = spliffmaster | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\InstallAware\InstallAware
7\Plug-Ins\DIFx\Localized\ia64\DPInst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.05.2010 06:16:44 | Computer Name = spliffmaster | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\InstallAware\InstallAware
7\Plug-Ins\DIFx\Localized\x64\DPInst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 21.05.2010 08:48:40 | Computer Name = spliffmaster | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
Error - 21.05.2010 08:48:40 | Computer Name = spliffmaster | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
Error - 21.05.2010 08:48:40 | Computer Name = spliffmaster | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
Error - 21.05.2010 08:50:26 | Computer Name = spliffmaster | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?05.?2010 um 14:47:56 unerwartet heruntergefahren.
Error - 21.05.2010 09:06:16 | Computer Name = spliffmaster | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 24.05.2010 13:04:41 | Computer Name = spliffmaster | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 24.05.2010 14:10:18 | Computer Name = spliffmaster | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 24.05.2010 14:58:31 | Computer Name = spliffmaster | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 24.05.2010 16:20:22 | Computer Name = spliffmaster | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 24.05.2010 18:11:58 | Computer Name = spliffmaster | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
< End of report >
|
|
25.05.2010, 20:03
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Arbeitsspeicherauslastung zu hoch Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Außerdem musst Du den unkenntlich gemachten Benutzernamen wieder in den richtigen verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
DRV - (GarenaPEngine) -- C:\Users\9DEC~1\AppData\Local\Temp\VFH5D5B.tmp ()
O33 - MountPoints2\{14c6a3bf-d6bb-11de-935c-001a4d585642}\Shell - "" = AutoRun
O33 - MountPoints2\{14c6a3bf-d6bb-11de-935c-001a4d585642}\Shell\AutoRun\command - "" = I:\irjs3.exe -- File not found
O33 - MountPoints2\{62d4262d-d600-11de-901a-001a4d585642}\Shell - "" = AutoRun
O33 - MountPoints2\{62d4262d-d600-11de-901a-001a4d585642}\Shell\AutoRun\command - "" = H:\irjs3.exe -- File not found
O33 - MountPoints2\{d8b06e21-000d-11df-8da2-001a4d585642}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b06e21-000d-11df-8da2-001a4d585642}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010.04.08 02:44:27 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\DefaultDomain_Path_m1aidbvr33rqpqpkrxxzrlbrqnjp0wt4
[2010.03.28 18:10:44 | 000,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2010.03.28 18:10:44 | 000,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
[2010.05.23 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\metaseq2410
[2010.03.28 18:10:44 | 000,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2010.03.28 18:10:44 | 000,000,073 | ---- | M] () -- C:\Windows\System32\ssprs.dll
[2010.03.28 18:10:44 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.tgz
[2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.dll
[2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth2.dll
[2010.03.27 18:40:46 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth1.dll
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.05.2010, 20:49
| #10 |
| | Arbeitsspeicherauslastung zu hoch All processes killed ========== OTL ========== Service GarenaPEngine stopped successfully! Service GarenaPEngine deleted successfully! C:\Users\9DEC~1\AppData\Local\Temp\VFH5D5B.tmp moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14c6a3bf-d6bb-11de-935c-001a4d585642}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14c6a3bf-d6bb-11de-935c-001a4d585642}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14c6a3bf-d6bb-11de-935c-001a4d585642}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14c6a3bf-d6bb-11de-935c-001a4d585642}\ not found. File I:\irjs3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62d4262d-d600-11de-901a-001a4d585642}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62d4262d-d600-11de-901a-001a4d585642}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62d4262d-d600-11de-901a-001a4d585642}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62d4262d-d600-11de-901a-001a4d585642}\ not found. File H:\irjs3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8b06e21-000d-11df-8da2-001a4d585642}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8b06e21-000d-11df-8da2-001a4d585642}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8b06e21-000d-11df-8da2-001a4d585642}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8b06e21-000d-11df-8da2-001a4d585642}\ not found. File H:\autorun.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully. C:\Users\*\AppData\Local\DefaultDomain_Path_m1aidbvr33rqpqpkrxxzrlbrqnjp0wt4\1.0.0.0 folder moved successfully. C:\Users\*\AppData\Local\DefaultDomain_Path_m1aidbvr33rqpqpkrxxzrlbrqnjp0wt4 folder moved successfully. C:\Windows\System32\lsprst7.tgz moved successfully. C:\Windows\System32\lsprst7.dll moved successfully. C:\Program Files\metaseq2410\Texture folder moved successfully. C:\Program Files\metaseq2410\Script folder moved successfully. C:\Program Files\metaseq2410\Plugins\Station folder moved successfully. C:\Program Files\metaseq2410\Plugins\Select folder moved successfully. C:\Program Files\metaseq2410\Plugins\Object folder moved successfully. C:\Program Files\metaseq2410\Plugins\Import folder moved successfully. C:\Program Files\metaseq2410\Plugins\Export folder moved successfully. C:\Program Files\metaseq2410\Plugins\Create folder moved successfully. C:\Program Files\metaseq2410\Plugins\Command folder moved successfully. C:\Program Files\metaseq2410\Plugins folder moved successfully. C:\Program Files\metaseq2410\help\python folder moved successfully. C:\Program Files\metaseq2410\help folder moved successfully. C:\Program Files\metaseq2410\Data\English folder moved successfully. C:\Program Files\metaseq2410\Data folder moved successfully. C:\Program Files\metaseq2410\Bump folder moved successfully. C:\Program Files\metaseq2410\Alpha folder moved successfully. C:\Program Files\metaseq2410 folder moved successfully. C:\Windows\System32\ssprs.tgz moved successfully. C:\Windows\System32\ssprs.dll moved successfully. C:\Windows\SurCode.INI moved successfully. C:\Windows\System32\sysprs7.tgz moved successfully. C:\Windows\System32\sysprs7.dll moved successfully. C:\Windows\System32\clauth2.dll moved successfully. C:\Windows\System32\clauth1.dll moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 57482 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: * ->Temp folder emptied: 652397194 bytes ->Temporary Internet Files folder emptied: 381146524 bytes ->Java cache emptied: 27159080 bytes ->FireFox cache emptied: 763132260 bytes ->Flash cache emptied: 2200271 bytes User: ÿ %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 190474549 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.923,00 mb OTL by OldTimer - Version 3.2.5.0 log created on 05252010_213724 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
25.05.2010, 20:51
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Arbeitsspeicherauslastung zu hoch Gut, dann jetzt mal CF anwenden: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
Linear-Darstellung
