Pests of all kinds and how to fight them: Trojan TR/Crypt.XPACK.Gen and many error messages (Windows 7)
25.03.2011, 19:55 | #1
Trojan TR/Crypt.XPACK.Gen and many error messages

Hello everyone,

yesterday I was working on my computer and had VZ and Facebook open on the side. Suddenly AntiVir reported that it had identified the Trojan TR/Crypt.XPACK.Gen. I "removed" it via AntiVir. After that, a great many error messages appeared:

Die in der Regestrierung angegebene Anwendung "C:\USER\****\AppData\Local\temp\csrss.exe" konnte nicht geladen oder gestartet werden. Stellen Sie sicher, dass die Datei vorhanden ist, oder entfernen Sie den Eintrag mit Bezug auf diese Datei aus der Regestrierung.

Then came error messages such as:

Critical Error Damaged Harddriive
Critical Error RAM memory usage

and so on, and so on.

The PC restarted on its own, and afterwards my desktop background was gone and black. One by one, all the icons on the desktop disappeared except My Computer, the user folder and the Recycle Bin. In addition, I can no longer display or open any programs in the Start bar. When I browse the Internet I always end up on strange pages. Google is also not the original Google, but has a strange image at the top of the page. So definitely a fake.

Unfortunately I do not know whether my external HDD is infected as well. In addition, I have an enormous number of photos on my PC that are very important (photography). Half a life's work is in there, and of course, idiot that I am, I have not made a backup so far. What matters to me is rescuing the external HDD and the pictures.

I hope you can help me. As specified here on the board, I have now run TFC, ERUNT and OTL. (It is interesting that the logfiles mention something about BitTorrent... I have never had that *puzzled*)

Here are the logfiles:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 25.03.2011 19:38:22 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 83,78 Gb Free Space | 17,99% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\AppData\Local\Temp\csrss.exe () PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Users\****\AppData\Roaming\dwm.exe () PRC - C:\Users\****\AppData\Roaming\Microsoft\conhost.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Program Files (x86)\REALTEK PCI&Cardbus Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.) 
========== Modules (SafeList) ========== MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msshsq.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\IconCodecService.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TVersityMediaServer) -- C:\Users\****\AppData\Local\TVersity\Media Server\MediaServer.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
========== Driver Services (SafeList) ========== DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\DRIVERS\s1029unic.sys (MCCI Corporation) DRV:64bit: - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s1029mgmt.sys (MCCI Corporation) DRV:64bit: - (s1029obex) -- C:\Windows\SysNative\DRIVERS\s1029obex.sys (MCCI Corporation) DRV:64bit: - (s1029mdm) -- C:\Windows\SysNative\DRIVERS\s1029mdm.sys (MCCI Corporation) DRV:64bit: - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\DRIVERS\s1029nd5.sys (MCCI Corporation) DRV:64bit: - (s1029mdfl) -- C:\Windows\SysNative\DRIVERS\s1029mdfl.sys (MCCI Corporation) DRV:64bit: - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s1029bus.sys (MCCI Corporation) DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys (MCCI Corporation) DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys (MCCI Corporation) DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s0016bus.sys (MCCI Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (V0330VID) -- C:\Windows\SysNative\DRIVERS\V0330Vid.sys (Creative Technology Ltd.) 
DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\DRIVERS\RTL85n64.sys (Realtek) DRV:64bit: - (s816mdm) -- C:\Windows\SysNative\DRIVERS\s816mdm.sys (MCCI Corporation) DRV:64bit: - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\SysNative\DRIVERS\s816unic.sys (MCCI) DRV:64bit: - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s816mgmt.sys (MCCI Corporation) DRV:64bit: - (s816obex) -- C:\Windows\SysNative\DRIVERS\s816obex.sys (MCCI Corporation) DRV:64bit: - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\SysNative\DRIVERS\s816nd5.sys (MCCI Corporation) DRV:64bit: - (s816mdfl) -- C:\Windows\SysNative\DRIVERS\s816mdfl.sys (MCCI Corporation) DRV:64bit: - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s816bus.sys (MCCI Corporation) DRV:64bit: - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s115mgmt.sys (MCCI Corporation) DRV:64bit: - (s115obex) -- C:\Windows\SysNative\DRIVERS\s115obex.sys (MCCI Corporation) DRV:64bit: - (s115mdm) -- C:\Windows\SysNative\DRIVERS\s115mdm.sys (MCCI Corporation) DRV:64bit: - (s115mdfl) -- C:\Windows\SysNative\DRIVERS\s115mdfl.sys (MCCI Corporation) DRV:64bit: - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s115bus.sys (MCCI Corporation) DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV:64bit: - (Ser2pl64) -- C:\Windows\SysNative\DRIVERS\ser2pl64.sys (Prolific Technology Inc.) 
DRV - (Pwa16bcy) -- C:\Windows\SysWOW64\drivers\ssmdrv.sys (Avira GmbH) DRV - (ASPI32) -- C:\Windows\SysWow64\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55515 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.8 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19 FF - prefs.js..extensions.enabledItems: {b80f591e-fe9a-46cf-a13e-180377240586}:3.3.0.19 FF - prefs.js..extensions.enabledItems: {795828a9-f271-43a8-8536-4484bb991d3d}:3.3.0.19 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - 
prefs.js..network.proxy.http_port: 55515 FF - prefs.js..network.proxy.type: 1 FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.03.06 09:26:30 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 07:42:43 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 07:42:43 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010.12.26 09:01:46 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2010.12.26 09:01:46 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.03.05 19:18:02 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.26 09:01:46 | 000,000,000 | -H-D | M] [2010.08.27 15:14:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2010.08.27 15:14:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.03.24 21:36:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions [2010.05.11 12:37:36 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008.04.10 22:30:59 | 000,000,000 | -H-D | M] ("Firefox Default for Vista") -- 
C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\{2843a0c8-caba-4428-b96a-83b5547c0fdd} [2011.03.06 21:59:06 | 000,000,000 | -H-D | M] (Stylish) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.11.12 20:43:02 | 000,000,000 | -H-D | M] (Aero Fox XL) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2011.03.23 06:09:41 | 000,000,000 | -H-D | M] (eBay Sidebar for Firefox) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088} [2011.01.14 18:44:36 | 000,000,000 | -H-D | M] (Productivity 2 Community Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d} [2010.09.18 16:21:16 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.07.04 20:28:20 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.01.08 11:22:50 | 000,000,000 | -H-D | M] (Elf 1.13 Community Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\{b80f591e-fe9a-46cf-a13e-180377240586} [2011.01.08 11:27:31 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\DTToolbar@toolbarnet.com [2011.01.14 18:44:36 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\engine@conduit.com [2010.11.12 20:43:05 | 000,000,000 | -H-D | M] (Virtus Search Opt-in) -- 
C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\extension@virtusdesigns.com [2009.05.17 15:27:13 | 000,000,000 | -H-D | M] (Simple Dyyno Launcher) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\NPDyyno@dyyno.com [2010.11.12 20:43:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\extension@virtusdesigns.com\chrome [2010.11.12 20:43:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\v4itc736.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions [2008.04.13 11:57:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Sunbird\Profiles\7zep4cwc.default\extensions [2009.06.26 19:16:18 | 000,002,399 | -H-- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\v4itc736.default\searchplugins\daemon-search.xml [2011.03.21 06:44:50 | 000,000,944 | -H-- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\v4itc736.default\searchplugins\icqplugin.xml [2009.10.11 10:57:47 | 000,003,915 | -H-- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\v4itc736.default\searchplugins\sweetim.xml [2011.03.24 21:36:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2008.05.25 11:03:39 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2010.04.16 18:39:33 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.26 09:43:02 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.16 10:28:14 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.18 12:51:24 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.19 19:02:43 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.03.06 09:26:30 | 000,000,000 | -H-D | M] (Google Gears) -- C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX [2008.09.04 01:11:24 | 000,054,600 | -H-- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll [2011.02.02 21:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.14 13:03:36 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.03.14 13:03:36 | 000,002,344 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.03.14 13:03:36 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.14 13:03:36 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.14 13:03:36 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [conhost] C:\Users\****\AppData\Roaming\Microsoft\conhost.exe () O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [sCRrtWXnjAgI] C:\ProgramData\sCRrtWXnjAgI.exe (FPAV) O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe (Xfire Inc.) 
F3:64bit: - HKCU WinNT: Load - (C:\Users\****\AppData\Local\Temp\csrss.exe) - C:\Users\****\AppData\Local\Temp\csrss.exe () F3 - HKCU WinNT: Load - (C:\Users\****\AppData\Local\Temp\csrss.exe) - C:\Users\****\AppData\Local\Temp\csrss.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - 
C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\****\AppData\Roaming\dwm.exe) - C:\Users\****\AppData\Roaming\dwm.exe () O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{36d21537-97bb-11df-9a93-001d7dd02838}\Shell - "" = AutoRun O33 - MountPoints2\{36d21537-97bb-11df-9a93-001d7dd02838}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* CREATERESTOREPOINT 
Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.03.25 19:23:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.03.25 19:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.03.25 19:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2011.03.25 19:15:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\****\Desktop\Erunt-setup.exe [2011.03.25 19:15:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\TFC.exe [2011.03.25 19:13:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.03.24 22:04:48 | 000,546,304 | -H-- | C] (FPAV) -- C:\ProgramData\sCRrtWXnjAgI.exe [2011.03.20 10:43:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photomatix Pro 4.0 [2011.03.20 10:43:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\PhotomatixPro4 [2011.03.20 10:43:15 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\HDRsoft [2011.03.09 23:24:57 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2011.03.09 23:24:56 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2011.03.09 23:24:56 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2011.03.09 23:24:56 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2011.03.09 23:24:54 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.03.09 23:24:54 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.03.09 23:24:54 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll [2011.03.09 23:24:53 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2011.03.09 23:24:53 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2011.03.09 
23:24:53 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbeio.dll [2011.03.09 23:24:53 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2011.03.09 23:24:53 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll [2011.03.07 20:36:10 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Avira [2011.02.27 11:43:41 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\ZoomBrowser EX [2011.02.27 11:37:58 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Local\CANON_INC [2011.02.27 11:35:18 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Canon [2011.02.27 11:33:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\ZoomBrowser [2011.02.27 11:32:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2011.02.27 11:32:31 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Canon [2011.02.27 11:31:58 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\Canon [2010.07.25 10:58:01 | 000,148,736 | -H-- | C] (Avanquest Software) -- C:\ProgramData\hpeAF06.dll ========== Files - Modified Within 30 Days ========== [2011.03.25 19:24:08 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E6D8AD8D-8C04-436D-8FED-9272D6C69435}.job [2011.03.25 19:22:37 | 000,000,763 | ---- | M] () -- C:\Users\****\Desktop\NTREGOPT.lnk [2011.03.25 19:22:37 | 000,000,744 | ---- | M] () -- C:\Users\****\Desktop\ERUNT.lnk [2011.03.25 19:19:04 | 000,001,104 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.03.25 19:19:01 | 000,000,330 | -H-- | M] () -- C:\Windows\tasks\RtlVistaStart.job [2011.03.25 19:18:33 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.25 19:18:33 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.25 
19:18:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.25 19:15:54 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\****\Desktop\Erunt-setup.exe [2011.03.25 19:15:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.03.25 19:15:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\TFC.exe [2011.03.25 19:14:52 | 000,377,280 | ---- | M] () -- C:\Users\****\Desktop\Load.exe [2011.03.25 19:12:44 | 000,005,686 | -H-- | M] () -- C:\Users\****\AppData\Roaming\A748.111 [2011.03.25 19:04:05 | 000,001,108 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.03.24 23:04:50 | 000,000,239 | -H-- | M] () -- C:\Windows\WINCMD.INI [2011.03.24 22:34:56 | 000,002,338 | -H-- | M] () -- C:\Windows\SysWow64\tversity.cookies [2011.03.24 22:04:48 | 000,546,304 | -H-- | M] (FPAV) -- C:\ProgramData\sCRrtWXnjAgI.exe [2011.03.23 21:27:12 | 000,171,008 | -H-- | M] () -- C:\Users\****\AppData\Roaming\dwm.exe [2011.03.20 18:41:33 | 000,242,176 | -H-- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.20 10:43:17 | 000,001,837 | -H-- | M] () -- C:\Users\****\Desktop\Photomatix Pro 4.0.2 (32-bit).lnk [2011.03.19 16:04:17 | 000,000,069 | -H-- | M] () -- C:\Windows\NeroDigital.ini [2011.03.19 10:56:51 | 001,566,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.03.19 10:56:51 | 000,675,174 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.03.19 10:56:51 | 000,633,688 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.03.19 10:56:51 | 000,146,282 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.03.19 10:56:51 | 000,118,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.03.18 16:46:50 | 000,008,772 | -H-- | M] () -- C:\Users\****\AppData\Local\d3d9caps64.dat [2011.03.14 21:30:49 | 235,867,844 | -H-- | M] () -- C:\Users\****\Desktop\Festival of darkness.rar [2011.03.14 19:32:09 | 001,940,749 | -H-- | M] () -- 
C:\Users\****\Desktop\IMG_0392.JPG [2011.03.14 19:32:02 | 002,583,155 | -H-- | M] () -- C:\Users\****\Desktop\IMG_0390.JPG [2011.03.14 19:13:12 | 002,751,162 | -H-- | M] () -- C:\Users\****\Desktop\IMG_0465.JPG [2011.03.14 19:12:45 | 002,662,506 | -H-- | M] () -- C:\Users\****\Desktop\IMG_0460.JPG [2011.03.14 19:11:53 | 002,706,082 | -H-- | M] () -- C:\Users\****\Desktop\IMG_0464.JPG [2011.03.14 19:10:37 | 002,387,951 | -H-- | M] () -- C:\Users\****\Desktop\IMG_0475.JPG [2011.03.14 19:09:59 | 002,431,977 | -H-- | M] () -- C:\Users\****\Desktop\IMG_0470.JPG [2011.03.14 19:09:50 | 002,467,600 | -H-- | M] () -- C:\Users\****\Desktop\IMG_0469.JPG [2011.03.14 19:09:28 | 002,487,936 | -H-- | M] () -- C:\Users\****\Desktop\IMG_0471.JPG [2011.03.14 19:05:32 | 002,409,599 | -H-- | M] () -- C:\Users\****\Desktop\IMG_0468.JPG [2011.03.13 12:40:23 | 000,005,701 | ---- | M] () -- C:\Users\****\Desktop\Anleitung.html [2011.03.11 10:11:36 | 017,865,424 | -H-- | M] () -- C:\Users\****\Desktop\TVersitySetup_1_9_3.exe [2011.02.26 18:55:29 | 000,000,032 | -H-- | M] () -- C:\Windows\Menu.INI [2011.02.26 02:19:32 | 000,041,872 | -H-- | M] () -- C:\Windows\SysWow64\xfcodec.dll [2011.02.26 02:19:32 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll ========== Files Created - No Company Name ========== [2011.03.25 19:22:37 | 000,000,763 | ---- | C] () -- C:\Users\****\Desktop\NTREGOPT.lnk [2011.03.25 19:22:37 | 000,000,744 | ---- | C] () -- C:\Users\****\Desktop\ERUNT.lnk [2011.03.25 19:15:00 | 000,377,280 | ---- | C] () -- C:\Users\****\Desktop\Load.exe [2011.03.24 23:04:40 | 000,000,239 | -H-- | C] () -- C:\Windows\WINCMD.INI [2011.03.23 21:27:12 | 000,171,008 | -H-- | C] () -- C:\Users\****\AppData\Roaming\dwm.exe [2011.03.23 21:26:54 | 000,005,686 | -H-- | C] () -- C:\Users\****\AppData\Roaming\A748.111 [2011.03.20 10:43:17 | 000,001,837 | -H-- | C] () -- C:\Users\****\Desktop\Photomatix Pro 4.0.2 (32-bit).lnk [2011.03.14 19:36:19 | 235,867,844 | -H-- | C] () -- 
C:\Users\****\Desktop\Festival of darkness.rar [2011.03.14 19:31:12 | 001,940,749 | -H-- | C] () -- C:\Users\****\Desktop\IMG_0392.JPG [2011.03.14 19:31:03 | 002,583,155 | -H-- | C] () -- C:\Users\****\Desktop\IMG_0390.JPG [2011.03.14 19:07:19 | 002,662,506 | -H-- | C] () -- C:\Users\****\Desktop\IMG_0460.JPG [2011.03.14 19:07:09 | 002,751,162 | -H-- | C] () -- C:\Users\****\Desktop\IMG_0465.JPG [2011.03.14 19:07:07 | 002,706,082 | -H-- | C] () -- C:\Users\****\Desktop\IMG_0464.JPG [2011.03.14 19:06:25 | 002,387,951 | -H-- | C] () -- C:\Users\****\Desktop\IMG_0475.JPG [2011.03.14 19:05:55 | 002,487,936 | -H-- | C] () -- C:\Users\****\Desktop\IMG_0471.JPG [2011.03.14 19:05:52 | 002,431,977 | -H-- | C] () -- C:\Users\****\Desktop\IMG_0470.JPG [2011.03.14 19:05:49 | 002,467,600 | -H-- | C] () -- C:\Users\****\Desktop\IMG_0469.JPG [2011.03.14 19:00:58 | 002,409,599 | -H-- | C] () -- C:\Users\****\Desktop\IMG_0468.JPG [2011.03.13 12:41:14 | 000,005,701 | ---- | C] () -- C:\Users\****\Desktop\Anleitung.html [2011.03.11 10:10:36 | 017,865,424 | -H-- | C] () -- C:\Users\****\Desktop\TVersitySetup_1_9_3.exe [2011.02.26 18:55:29 | 000,000,032 | -H-- | C] () -- C:\Windows\Menu.INI [2011.02.26 02:19:32 | 000,041,872 | -H-- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011.02.26 02:19:32 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll [2010.07.11 17:03:34 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.01.29 19:18:52 | 002,434,856 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2009.09.24 06:35:12 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.09.24 06:34:44 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.09.24 06:34:15 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.09.24 06:33:59 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2009.06.09 23:17:11 | 001,448,396 | -H-- | C] () -- 
C:\Windows\SysWow64\PerfStringBackup.INI [2009.04.15 17:35:11 | 000,000,171 | -H-- | C] () -- C:\Users\****\AppData\Local\rahistory.xml [2009.04.06 20:01:15 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini [2009.04.04 08:54:06 | 000,007,680 | -H-- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.03.28 15:53:51 | 000,682,280 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2009.03.07 11:37:13 | 000,000,613 | -H-- | C] () -- C:\Windows\wiso.ini [2008.12.29 17:01:39 | 000,000,359 | -H-- | C] () -- C:\Windows\CoDUO.INI [2008.12.29 16:52:31 | 000,000,745 | -H-- | C] () -- C:\Windows\CoD.INI [2008.12.28 19:17:29 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.12.18 21:21:03 | 000,000,680 | -H-- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2008.12.10 22:12:37 | 000,000,552 | -H-- | C] () -- C:\Users\****\AppData\Local\d3d8caps.dat [2008.11.06 17:37:32 | 003,596,288 | -H-- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2008.11.06 17:33:02 | 000,012,288 | -H-- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll [2008.07.05 18:18:45 | 000,007,867 | -H-- | C] () -- C:\Windows\Irremote.ini [2008.04.17 22:12:23 | 000,242,176 | -H-- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.13 12:02:15 | 000,000,032 | -H-- | C] () -- C:\ProgramData\ezsid.dat [2008.04.10 23:00:15 | 000,270,776 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2008.04.10 23:00:14 | 000,075,136 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2008.04.10 23:00:13 | 000,000,286 | -H-- | C] () -- C:\Windows\game.ini [2008.04.10 22:22:41 | 000,000,305 | -H-- | C] () -- C:\ProgramData\addr_file.html [2008.04.10 21:46:19 | 000,000,400 | -H-- | C] () -- C:\Windows\ODBC.INI [2008.04.10 11:35:46 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2008.04.10 11:19:09 | 000,003,972 | -H-- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2008.04.10 11:11:20 | 000,111,932 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2008.04.10 
11:11:20 | 000,031,053 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2008.04.10 11:11:20 | 000,027,417 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2008.04.10 11:11:20 | 000,026,154 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2008.04.10 11:11:20 | 000,024,903 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2008.04.10 11:11:20 | 000,021,390 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2008.04.10 11:11:20 | 000,020,148 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2008.04.10 11:11:20 | 000,011,811 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2008.04.10 11:11:20 | 000,004,943 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2008.04.10 11:11:20 | 000,001,146 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2008.04.10 11:11:20 | 000,001,139 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2008.04.10 11:11:20 | 000,001,139 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2008.04.10 11:11:20 | 000,001,136 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2008.04.10 11:11:20 | 000,001,129 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2008.04.10 11:11:20 | 000,001,129 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2008.04.10 11:11:20 | 000,001,120 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2008.04.10 11:11:20 | 000,001,107 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2008.04.10 11:11:20 | 000,001,104 | -H-- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2008.04.10 11:11:20 | 000,000,097 | -H-- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2008.04.10 10:45:57 | 000,008,772 | -H-- | C] () -- C:\Users\****\AppData\Local\d3d9caps64.dat [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | -H-- | C] () -- 
C:\Windows\SysWow64\dssec.dat [2006.11.02 13:24:17 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | -H-- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2003.02.20 16:53:42 | 000,005,702 | -H-- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI ========== LOP Check ========== [2008.04.18 10:11:22 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Ashampoo [2009.03.07 11:37:19 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Buhl Data Service [2011.02.27 11:35:18 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Canon [2008.05.30 22:04:20 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\CDBurnerXP_Soft [2009.06.26 19:20:09 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite [2009.12.19 13:43:41 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\DNA [2011.03.04 18:50:06 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers [2009.07.07 20:19:24 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\EPSON [2010.06.27 09:05:15 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Facebook [2011.03.20 10:43:15 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\HDRsoft [2011.03.20 14:02:56 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ICQ [2010.03.23 16:24:39 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2011.02.21 20:54:17 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Picturenaut [2010.07.25 11:00:41 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Sony [2010.07.25 10:48:58 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Sony Setup [2008.07.06 09:21:31 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Teleca [2010.08.27 15:14:02 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Thunderbird [2010.08.18 21:21:25 | 000,000,000 | -H-D 
| M] -- C:\Users\****\AppData\Roaming\Umakm [2009.12.19 09:44:46 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\VSRevoGroup [2011.03.25 19:19:01 | 000,000,330 | -H-- | M] () -- C:\Windows\Tasks\RtlVistaStart.job [2011.03.25 19:17:20 | 000,032,534 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.03.25 19:24:08 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E6D8AD8D-8C04-436D-8FED-9272D6C69435}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.06.11 17:46:50 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.09.24 17:13:03 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.04.10 10:43:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.04.10 10:52:22 | 000,000,000 | -H-D | M] -- C:\Intel [2010.06.13 13:54:35 | 000,000,000 | -H-D | M] -- C:\Ligeia [2008.04.10 21:42:37 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.10.01 21:42:24 | 000,000,000 | -H-D | M] -- C:\NVIDIA [2008.01.21 04:04:13 | 000,000,000 | -H-D | M] -- C:\PerfLogs [2010.03.19 10:29:29 | 000,000,000 | RH-D | M] -- C:\Programme [2011.03.25 19:22:37 | 000,000,000 | RH-D | M] -- C:\Program Files (x86) [2011.03.25 19:06:18 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.04.10 10:43:55 | 000,000,000 | -HSD | M] -- C:\Programme [2011.03.25 19:38:59 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.08.22 10:57:35 | 000,000,000 | RH-D | M] -- C:\Users [2011.03.25 19:23:18 | 000,000,000 | -H-D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) 
MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: USERINIT.EXE > [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- 
C:\Windows\SysWOW64\wininit.exe [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\Windows:6A7BF95613718B6A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6971CCC5
< End of report >
And here is Extras
OTL Logfile:
Code:
OTL Extras logfile created on: 25.03.2011 19:38:22 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 83,78 Gb Free Space | 17,99% Space Free | Partition Type: NTFS
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) 
Directory [dm Fotowelt] -- "C:\Program Files (x86)\dm\dm Fotowelt\dm Fotowelt.exe" "%1" () Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" () Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" () Directory [TVersity] -- "C:\Users\****\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [dm Fotowelt] -- "C:\Program Files (x86)\dm\dm Fotowelt\dm Fotowelt.exe" "%1" () Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" () Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" () Directory [TVersity] -- "C:\Users\****\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = F1 37 9B DA 31 3D CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) 
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CC6E5A6-16DF-459A-8E20-88F7524023DB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{0D49261A-3F17-40B7-B530-3E8A0DF28728}" = lport=3390 | protocol=6 | dir=in | app=system | "{137C80DE-56A9-4E40-9D3A-114BF2CA657C}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | "{1AA82A50-8AD6-450B-A413-3FC98A2C64B0}" = lport=3101 | protocol=17 | dir=in | name=mw2 | "{1AE642C2-3178-4EDA-B524-A2796DD92846}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{1B146C3C-AC8D-4D28-90EF-9E3CB99DCD75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{28DF119A-B6DA-45BF-8FBF-C625355E289F}" = lport=41952 | protocol=6 | dir=in | name=tversity | "{2DABA2B8-C778-4BE8-9666-B585B04FFDC6}" = lport=10243 | protocol=6 | dir=in | app=system | "{2E867F43-D014-4423-A753-B359C70BA108}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{35C14320-16CF-4716-8C6D-E27DC7D2AA79}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3AEF9E2A-5678-46AE-B484-DBB82146BBCD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4F3656C2-901F-497E-81C8-9CF3B16A6F30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{52EAA6FD-E126-41AF-AD54-693875636666}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{5FEA79D9-A6BD-41ED-8B73-9E9E1A1BC7C6}" = rport=3702 | protocol=17 
| dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{61313132-E365-4FFE-9C25-48F5F1ECAA6A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{63811C4F-6F12-4112-9DFD-3BD008600294}" = lport=41952 | protocol=17 | dir=in | name=41952 | "{64B4F51C-35A2-4FAC-A14A-95FDAD4CB7D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{67C31A32-92A2-4534-9C29-C5BEA3F7DEC3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{68A6F940-69B2-4ECC-AE1E-A3B37CE29AF7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{8999AA6A-074B-4432-9141-F096AB43CCAB}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | "{8AFE5408-F0E9-41AD-A8A5-ED430519E8A7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{8C5B0AAC-C07D-40B5-9EE3-DFDB05C92225}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{985FDBF6-40A9-40F1-B409-CF83C66D2736}" = lport=3005 | protocol=17 | dir=in | name=mw2 | "{9AE922EC-7E03-4B13-8AE1-D5B7C7E42466}" = rport=10243 | protocol=6 | dir=out | app=system | "{A48197FF-D85A-4177-8241-71444BC2B1F2}" = lport=445 | protocol=6 | dir=in | app=system | "{B9BDCE08-6B16-4FD2-AAB0-635D99C085DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BAD5EB18-C39B-4B15-BF14-99E4CF2647DB}" = lport=2869 | protocol=6 | dir=in | app=system | "{BC064E09-C25B-4453-9538-CD1A94240684}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C3E508F8-B13F-40B0-B543-904CC6CA1BBD}" = lport=10244 | protocol=6 | dir=in | app=system | "{D7B5253C-85F4-431B-827A-827122BF9876}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe | "{DE327CF5-54CE-4D61-AF44-9B396CDBE73F}" = lport=28960 | protocol=17 | dir=in | name=mw2 | 
"{DF892F5E-9345-4497-954E-671E1DC1B8F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E38B50FA-75B2-48FB-9AFF-8A806C1FA6D9}" = lport=1500 | protocol=17 | dir=in | name=mw2 | "{E4FFBFF8-1B22-4378-9D48-0FAA2CD34686}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ED2A9864-915C-49C2-A196-75D686884468}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{F1A83492-F23F-4BF7-960A-B35159B906BB}" = lport=41952 | protocol=6 | dir=in | name=tversity | "{F97E8188-8FCD-451E-8B39-06988B2158C4}" = rport=10244 | protocol=6 | dir=out | app=system | "{FFA0E8BB-1289-4C59-9DE6-323A8465270A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{004079D1-58EA-4BC5-8A83-1CAB904B9FFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{005AECD3-5D74-45F8-8EC0-40DE4573C7B7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2betaupdater.exe | "{014FA9D6-08AE-46A3-8C6E-44ADCA3E6EB2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | "{05D7C640-08C1-4E6C-8AA7-4D5C5B222E83}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{0C5ADAAD-0506-4CED-998C-36D12D562307}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{1900A799-F22E-4A5E-BE05-8F9BE1CDFDD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{19C8089E-7C11-487B-A957-BDFAC94BBCAA}" = protocol=6 | dir=in | app=c:\users\****\appdata\local\tversity\media server\mediaserver.exe | 
"{243A5CFF-A330-4450-9046-E96AA4C4017D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{2537310F-FC86-4742-8D5D-BD268A2D3995}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | "{253FE906-E54F-4E66-9608-996F2EE6C172}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{25ADE3CF-AD1B-4DEE-8BAD-6F38694ABD38}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{26370A67-33E2-4BA5-AF90-4EDFAEDC9E94}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{26A18F58-24CF-40C1-BA93-9DB48919DC1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{2819204C-E993-4AB1-AF1B-4B6BC6200A03}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "{2875449B-37BB-467D-8E0D-9F6AF5FA6472}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{28AEFF47-C596-4D11-BE1B-AA7038E7F1B2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{2B81A700-EA97-4DC5-831D-99E29F9F4E71}" = protocol=6 | dir=in | app=c:\users\****\appdata\locallow\dyyno receiver\dppm.exe | "{2F894A09-E472-4493-9EE5-41B835B9325E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{306A5871-FBD7-4F3A-811F-EBE003FBDFAB}" = protocol=17 | dir=in | app=c:\users\****\appdata\local\tversity\media server\mediaserver.exe | "{3719BC6D-8093-44D7-B691-FCF20BF5290D}" = protocol=17 | dir=in | app=c:\users\****\appdata\local\tversity\media server\web\admin\tversity.exe | "{3842B488-B243-4143-90D8-67D08D558853}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{39817115-5F56-4EB2-9969-27703BAE1B0F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{39E4D214-9CB4-4E6E-B7EC-51E78DD47C54}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{3A2258C9-CC5C-45CF-8542-9526AEDBADB5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2betaupdater.exe | "{3C111DF8-E2C1-4C57-B6D2-81AF69A398E9}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{3CB64647-D33A-44C7-8856-243CBB4756F2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{419A1AEF-93A2-4BA8-B96A-36B65261ABB3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | "{46AB9820-F63C-4768-8ABE-1608DB4E5349}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{493CD95E-8865-405E-B320-9EA993AE135F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4D53EC7F-FC37-4F4C-9654-F79737370FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{500681BD-0AC7-48E5-A467-81EA9C115794}" = protocol=17 | dir=in | app=c:\program files (x86)\tversity\media server\mediaserver.exe | "{50633951-9F46-4B33-8C12-780E7A0E8881}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{5A47B9C4-E55D-418E-BF86-A9AFC5F94C1C}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\xr_3da.exe | "{5FB19E01-73B0-4E53-B160-0E6ECB3A510E}" = protocol=17 | dir=in | app=c:\users\****\appdata\locallow\dyyno receiver\dppm.exe | "{6042AAA7-3E4E-4B13-85D2-6193AF4F302C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{60CD4FB2-082F-41F8-8FBD-889DC80CF9F0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{61FBBFCB-0537-4E4A-8118-E700A08E5663}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{659145F0-8DDF-4A39-90A8-C28614B4F493}" = protocol=6 | dir=in | app=c:\users\****\appdata\local\tversity\media server\web\admin\tversity.exe | "{683A6F5F-0FE3-497F-BC36-C5E516A46E7C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{687D96F4-C52F-4DFD-92FB-267C0C3FA5B9}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{6BAE34DD-2634-4A40-B265-FF5A3171CAC6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{6D3F166D-6C6D-4B26-9627-96DDA24D3DF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6F41D2B8-1562-443D-B55B-88143C78FCFF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{749F4B64-F24E-4E13-9CC4-3BA81BAF6C60}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | "{74EDD5A2-727A-4EE9-8827-073F343653CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{799EA453-255F-4778-AB71-EAE4348D9C05}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "{7BFAA1FC-9474-4F4B-925D-7DF4872E65D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7D0CFE88-CA55-442A-B36F-DD5A5F074D6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7EFE49BC-95A5-4BB7-90FD-363881E6D0D3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{85C10DD3-33DD-420D-95BB-F4DC591ABBD9}" = protocol=17 | dir=in | 
app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{8A081D99-B275-480C-A7F4-79015980D428}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{8C57ED70-E660-4FA0-BA7A-E3E1139FE44A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{8D071E16-38D4-4BA6-82A8-58215EF11E8D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{8E559077-E727-42E4-A42B-AAA131FD6816}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{90BB9E92-4F99-4CF4-AAE2-FC85791CF603}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9274AB23-7E54-46F5-B403-0BAB9E58F93F}" = protocol=6 | dir=in | app=c:\users\****\appdata\local\tversity\media server\mediaserver.exe | "{959185C9-1C45-43C2-AA91-DF69E157053C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{96B12550-04CA-48F7-9D20-B4CD6F8FA5CB}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\dedicated\xr_3da.exe | "{9B17F210-2C1B-41CA-BEBE-5A535CAD883F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{9F416E9C-0C12-40AA-8D57-059E838F3854}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A513745F-E18B-4C5C-ADD5-0626FDFC9865}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{A5A66EEE-E8BE-4025-8F0D-74A01F5681F8}" = protocol=17 | dir=in | app=c:\users\****\appdata\local\tversity\media server\mediaserver.exe | "{A78B201A-348F-48A0-A0EE-B98372370FA7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AE849C87-4CE2-4077-B57C-AD137A1893BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AFF6CEC8-F1BE-4202-909A-FF98733437A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B4649046-7348-46D7-8BA7-22E450644DC7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{B480590F-C5EF-486D-B769-4ADF2E6F54B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{B5E468F6-AE8F-4971-B2E8-C39881D3325D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B97AB61D-2431-4BFC-9857-3B8D71BFEC36}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | "{BB57F18E-A921-4AE2-8C6B-3B49A960C636}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{BDACCDCF-ED59-43F7-8F07-EF29E091ACE6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C29CE330-333E-468B-B24E-339747CEF06A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{C59F0FD8-3662-4937-B7ED-4EF136A43C72}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{C766832C-3FA3-4B2D-BDE4-BA3D1F26DDA3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CD2FE1D6-A135-49B5-9473-576B12EA455B}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{CDEEAF7B-6DE2-45A5-ADA5-F6ECE2C47F80}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CE7BF0CA-1963-4DEE-8E70-842C82118190}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3D538F8-F2EF-46EB-9B44-697F58DBA98C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{D45D8FB9-6371-4A06-9695-3D3930C7E2DA}" = protocol=6 | dir=out | app=system | "{D82DFA94-ABD4-4188-9569-70BDBAFE393E}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{D8D7A847-395E-4521-926C-3375951F360E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{DA6724A9-223E-4EF5-B84D-E9B998007933}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{DB7B2697-7D27-4E42-8C20-161355604DC7}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{E5BE0130-F73B-474E-9063-ABC2C52AADF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E74E9D9A-98DA-4CD6-838B-752DF3BC62D1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{EA356834-9D43-42AE-B18C-0AF2EEA5F99F}" = protocol=6 | dir=in | app=c:\program files (x86)\tversity\media server\mediaserver.exe | "{ECFC28E0-CE51-46EA-8EEB-CF72844E53A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{EF1A6DC6-D6A3-4766-9452-AAE765862F90}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\dedicated\xr_3da.exe | "{F32B3207-1327-4172-958F-6BE980D5A4DF}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{F858B314-C4BD-4AE1-AEFF-D6A43313F845}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{F92584AC-FDA7-4282-A936-39F9990A1B2B}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{025F6404-05E5-4CA5-BA7F-4F7372B51B74}C:\program files (x86)\kazaa lite\clean.kmd" = protocol=6 | dir=in | app=c:\program files (x86)\kazaa lite\clean.kmd | "TCP Query User{1D3E6626-D3C5-4DC8-ACE1-C0E39CA5878F}E:\apps\mirandaportable\app\miranda\miranda32.exe" = protocol=6 | dir=in | app=e:\apps\mirandaportable\app\miranda\miranda32.exe | "TCP Query User{2E819D66-C252-4B22-BF98-25D29F90D285}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{31A7F6CB-98F0-40D7-A5C7-E0C28CEA8650}C:\users\****\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\****\program files (x86)\dna\btdna.exe | "TCP Query User{3984A979-2564-4073-8429-25444582124A}C:\program files (x86)\call of duty\coduomp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty\coduomp.exe | "TCP Query User{3BB46A9E-E3B1-4F4D-97B5-03F369DC1FA4}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "TCP Query User{47D361B5-1AFB-4CE1-819D-7B37F057F77F}C:\program files (x86)\dcc\dcc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dcc\dcc.exe | "TCP Query User{4AD1F99F-0345-49A2-AA32-BE6D46024902}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query 
User{60E164CD-DAA8-47FD-B7D3-781E04EE221B}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{6360917A-32E8-4414-92F9-6100B79ABE4C}C:\users\****\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\****\program files (x86)\dna\btdna.exe | "TCP Query User{78214362-4DEF-45CE-9AF0-E693C453527C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{7CDF39FA-2CFA-49E0-8E44-691F6AC1CB88}C:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe | "TCP Query User{8E764AC0-2697-422F-8695-C1CCAFB39BFC}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{9494033C-A5DD-44A6-9BCA-AD430006883F}C:\program files (x86)\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero8\nero home\nerohome.exe | "TCP Query User{C7F61CE8-6BC5-43CB-AD67-E4A1E72DF8BF}C:\users\****\appdata\roaming\vyuwe\uklu.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\vyuwe\uklu.exe | "TCP Query User{CEE9AB14-F8F9-444F-A58F-7C1D0CDDBAC8}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{E548B9A5-4849-4505-913C-87FAEB16F1A9}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{E651F9AE-A0AA-41C3-B314-06F2120A22F1}C:\program files (x86)\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\media go\mediago.exe | "TCP Query User{EF8E141A-81DF-46E0-8238-3C2A01A5E0D0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{F5D99F3F-EF61-4752-A487-B255FAEF09AD}C:\program files 
(x86)\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty\codmp.exe | "TCP Query User{F6D74C11-5E73-45E4-B177-338B8525B128}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{2A3CE5F0-EBA9-4B8C-B2B7-A90ADC8C2620}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{2C5104BE-6C0D-44B4-9DDB-0842415597A3}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{3788D361-6A6A-4C07-917E-730FB0412E77}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{4C2CF337-568B-42BF-BBB3-943884B773B8}C:\program files (x86)\kazaa lite\clean.kmd" = protocol=17 | dir=in | app=c:\program files (x86)\kazaa lite\clean.kmd | "UDP Query User{6475783B-D117-45AA-A5DE-CDE33A2EA65B}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{67A8A20F-091B-4F58-B4AA-0407313C7613}C:\users\****\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\****\program files (x86)\dna\btdna.exe | "UDP Query User{6C12F53F-0C83-4DC3-8CFF-9AF2D4EB8AE9}C:\users\****\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\****\program files (x86)\dna\btdna.exe | "UDP Query User{79F3EADD-1C40-4A36-BF49-CCBFE0A14E36}C:\program files (x86)\call of duty\coduomp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty\coduomp.exe | "UDP Query User{7AE8C248-8F8A-4877-B303-078F3B6D364C}C:\program files (x86)\nero\nero8\nero home\nerohome.exe" = protocol=17 | 
dir=in | app=c:\program files (x86)\nero\nero8\nero home\nerohome.exe | "UDP Query User{7EC2DECC-7CF4-406B-A335-2D681B16F521}C:\program files (x86)\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty\codmp.exe | "UDP Query User{A7F684E0-C50F-4FDC-AB01-297DA8833C82}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{B92038F5-78D3-4E1F-8742-1FA81DA2755A}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{C05FC7A2-1CAA-4B8E-BAF1-72607D6816CE}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{C5EC5EA9-4420-4849-BA0B-71471BBD877B}E:\apps\mirandaportable\app\miranda\miranda32.exe" = protocol=17 | dir=in | app=e:\apps\mirandaportable\app\miranda\miranda32.exe | "UDP Query User{D69CB170-A831-4EF0-994B-6371DE35ADF9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{E471C611-3B9D-455B-8E55-77B5CE25FDC7}C:\program files (x86)\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\media go\mediago.exe | "UDP Query User{E71C18BD-0FD0-488A-9C39-22C4427FFC85}C:\users\****\appdata\roaming\vyuwe\uklu.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\vyuwe\uklu.exe | "UDP Query User{EA61BECC-150F-42F0-A3B5-C81EF9540CBE}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "UDP Query User{EB74D391-16A7-4ECF-8745-FB1B78188EA4}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{F19039CE-09F7-41A8-B47D-F910E609EFAD}C:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2 - 
beta\bfbc2game.exe | "UDP Query User{FBEEDE14-7C98-4DC8-8D35-052AD54BB6F2}C:\program files (x86)\dcc\dcc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dcc\dcc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{217727BD-9B2C-47E5-B5FB-773D9DAC7210}" = Microsoft SQL Server Native Client "{4432F6A4-33D7-41B9-88E4-6735CF334671}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - DEU "{68FCD2C3-67B6-42E7-B677-2B4053225801}" = Microsoft SQL Server VSS Writer "{906BDDA8-9E8F-45B7-8520-36F7961FD65D}" = Logitech GamePanel Software 2.02 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F0309609-E415-42C8-8C61-2483EBA338E9}" = Sony Ericsson PC Suite x64 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "Creative VF0330" = Creative WebCam Vista/Live! 
Cam Chat Driver (1.11.01.00) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - DEU [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{19D2B63E-C1F1-4803-BA8B-4AB8FE216952}" = EPSON PRINT Image Framer Tool "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24 "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00 "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of 
Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C8DE415-3AB4-4E46-8349-1DD0B5AB297D}" = Microsoft Visual Basic 2005 Express Edition - DEU "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5B52E1FF-BD66-4582-97BA-55C575C19504}" = Microsoft MSDN 2005 Express Edition - DEU "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{919635D1-5C0D-4B64-B724-BDDB31D11031}" = Nero 8 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1 "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7 "{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org 
Installer 1.0 "{EC87E256-B0A4-4A41-8682-AB57FF21196D}" = SweetIM for Messenger 2.7 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF72E0A5-57E8-471F-837E-82BB19771363}" = REALTEK PCI&Cardbus Wireless LAN Driver and Utility "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Benutzerhandbuch für Creative WebCam Vista German" = Benutzerhandbuch für Creative WebCam Vista (Deutsch) "Call of Duty" = Call of Duty "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CCleaner" = CCleaner "Creative Live! Cam Center" = Creative Live! 
Cam Center "Creative Software AutoUpdate" = Creative Software AutoUpdate "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "dm Fotowelt" = dm Fotowelt "dm-Fotowelt" = dm-Fotowelt "DPP" = Canon Utilities Digital Photo Professional 3.8 "DVD Shrink_is1" = DVD Shrink 3.2 "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EOS Utility" = Canon Utilities EOS Utility "EPSON Scanner" = EPSON Scan "ERUNT_is1" = ERUNT 1.1j "Exact Audio Copy" = Exact Audio Copy 0.99pb3 "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24] "FLV Player" = FLV Player 2.0 (build 25) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Studio_is1" = Free Studio version 4.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.33 "HijackThis" = HijackThis 2.0.2 "ICQToolbar" = ICQ Toolbar "InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch "InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch "InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch 
"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "Microsoft MSDN 2005 Express Edition - DEU" = Microsoft MSDN 2005 Express Edition - DEU "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Basic 2005 Express Edition - DEU" = Microsoft Visual Basic 2005 Express Edition - DEU "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Mozilla Sunbird (0.8)" = Mozilla Sunbird (0.8) "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9) "MP3 Splitter_is1" = MP3 Splitter version 3.11 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PhotomatixPro4.0x32_is1" = Photomatix Pro version 4.0.2 "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "Pixum Fotobuch" = Pixum Fotobuch "PunkBusterSvc" = PunkBuster Services "Revo Uninstaller" = Revo Uninstaller 1.83 "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. 
- Shadow of Chernobyl [v1.0006] "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "SysInfo" = Creative Systeminformationen "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TVersity Codec Pack" = TVersity Codec Pack 1.4 "TVersity Media Server" = TVersity Media Server 1.9.2 "TVersity Media Server " = TVersity Media Server 1.6 Beta "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VideoLAN VLC media player 0.8.6f "WFTK" = Canon Utilities WFT Utility "WinRAR archiver" = WinRAR "Xfire" = Xfire (remove only) "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "Facebook Plug-In" = Facebook Plug-In ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.04.2010 06:11:00 | Computer Name = ****-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 03.04.2010 06:11:00 | Computer Name = ****-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". 
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 03.04.2010 06:11:00 | Computer Name = ****-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Error - 09.04.2010 14:01:50 | Computer Name = ****-PC | Source = Application Hang | ID = 1002 Description = Programm BFBC2Game.exe, Version 1.0.1.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: c38 Anfangszeit: 01cad80df93e6e8c Zeitpunkt der Beendigung: 110 Error - 10.04.2010 02:40:41 | Computer Name = ****-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 10.04.2010 02:40:41 | Computer Name = ****-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 10.04.2010 02:40:42 | Computer Name = ****-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. 
Error - 10.04.2010 07:44:21 | Computer Name = ****-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 10.04.2010 07:44:22 | Computer Name = ****-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 10.04.2010 07:44:23 | Computer Name = ****-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. 
Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. [ Media Center Events ] Error - 03.10.2009 10:20:37 | Computer Name = ****-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 03.10.2009 12:49:03 | Computer Name = ****-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 05.04.2010 04:32:58 | Computer Name = ****-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 05.04.2010 04:36:04 | Computer Name = ****-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 17.04.2010 12:18:50 | Computer Name = ****-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 17.04.2010 15:11:51 | Computer Name = ****-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 13.06.2010 06:16:37 | Computer Name = ****-PC | Source = 
Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 06.09.2010 15:19:51 | Computer Name = ****-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 06.09.2010 16:21:42 | Computer Name = ****-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 13.02.2011 05:11:24 | Computer Name = ****-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 25.03.2011 13:57:58 | Computer Name = ****-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ASPI32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 25.03.2011 13:59:34 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.03.2011 13:59:34 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026 Description = Error - 25.03.2011 14:00:25 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.03.2011 14:00:25 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.03.2011 14:18:20 | Computer Name = ****-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ASPI32.SYS nicht geladen. 
Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 25.03.2011 14:19:56 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.03.2011 14:19:56 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026 Description = Error - 25.03.2011 14:20:49 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.03.2011 14:20:49 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = < End of report >
Thanks in advance for your help. ADDENDUM: By the way, it was not XPACK but TR/Crypt.ZPACK.Gen. In addition, AntiVir has now also found the following malware: TR/Kazy.16727.1 and BDS/Cycbot.B.1491. Edited by SebastianEF (25.03.2011 at 20:16). Reason: correction of the Trojan name |
26.03.2011, 14:02 | #2 |
| Hello everyone,
sorry for writing again already; I know the forum rules mention a 3-day waiting period. Other threads have already received plenty of replies, though, so I wanted to make sure. Unfortunately I have no time during the week to carry out any measures on my PC; I only have time for that on the weekend. So it would be great if someone could get in touch and help me. Best regards, Sebastian |
26.03.2011, 20:22 | #3 |
| Patience has never been my strength.
I ran Malwarebytes. And lo and behold, 10 infected files. Then I restarted the computer. Windows Defender then came up and reported two backdoor programs. I deleted those and restarted again. Then I noticed that a proxy had been entered in Firefox. I removed it. Now the Malwarebytes log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6176

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.03.2011 19:57:07
mbam-log-2011-03-26 (19-57-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 382537
Laufzeit: 1 Stunde(n), 15 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\Users\****\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> 772 -> Unloaded process successfully.
c:\Users\****\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 3184 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\****\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\****\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.

What should I do now? |
26.03.2011, 21:59 | #4 |
| I really don't want to be a nuisance. But could it be that my thread is not being answered? Everyone else already has a reply |
26.03.2011, 22:01 | #5 |
| ****double post**** |
27.03.2011, 20:59 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Are there any further logs from Malwarebytes? If so, please post all of those that are visible in the log files tab in Malwarebytes. |
28.03.2011, 11:06 | #7 |
| Hi Cosinus, no, this was the first time I used Malwarebytes. I have now also run SUPERAntiSpyware, which removed one more finding (a Trojan), and then did another run that found nothing. I also ran CCleaner over it, and now it looks as if everything is gone. But: I don't trust the peace. Also, my desktop is still red and my theme is gone. Files and programs are not displayed. The data is all still there, though; when I search for files, I find them. But they are not shown, and all folders appear to be empty. Regards, Sebastian |
28.03.2011, 11:53 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should be visible again. (This could take a while.)
__________________ Please always post log files in CODE tags |
28.03.2011, 11:57 | #9 |
| OK. Do you think I can already do that now, or should I first check again whether there is still something somewhere? Can you please check whether I have got rid of everything? What do you need for that? Log files from which programs? And the last question: I have an external HDD. I switched it off as soon as I noticed that I had a Trojan. But I don't know whether it is infected. How should I proceed when switching it on? I need the data that is on it. |
28.03.2011, 13:14 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run unhide first. Then we continue with an OTL fix.
__________________ Please always post log files in CODE tags |
28.03.2011, 13:34 | #11 |
| Done. It worked great, everything is visible again. On to OTL now? How? |
28.03.2011, 18:23 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First uninstall, via the Control Panel, every toolbar you can find. If some of them cannot be removed, skip them for now. After that, do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you have masked your user name, you must turn the starred-out part back into your real user name, otherwise the script will not work!! Code:

:OTL
@Alternate Data Stream - 24 bytes -> C:\Windows:6A7BF95613718B6A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6971CCC5
[2011.03.23 21:27:12 | 000,171,008 | -H-- | C] () -- C:\Users\****\AppData\Roaming\dwm.exe
[2011.03.23 21:26:54 | 000,005,686 | -H-- | C] () -- C:\Users\****\AppData\Roaming\A748.111
[2011.03.24 22:04:48 | 000,546,304 | -H-- | M] (FPAV) -- C:\ProgramData\sCRrtWXnjAgI.exe
[2011.03.23 21:27:12 | 000,171,008 | -H-- | M] () -- C:\Users\****\AppData\Roaming\dwm.exe
[2011.03.20 18:41:33 | 000,242,176 | -H-- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{36d21537-97bb-11df-9a93-001d7dd02838}\Shell - "" = AutoRun
O33 - MountPoints2\{36d21537-97bb-11df-9a93-001d7dd02838}\Shell\AutoRun\command - "" = F:\Startme.exe
O4 - HKLM..\Run: [conhost] C:\Users\****\AppData\Roaming\Microsoft\conhost.exe ()
O4 - HKCU..\Run: [sCRrtWXnjAgI] C:\ProgramData\sCRrtWXnjAgI.exe (FPAV)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe (Xfire Inc.)
F3:64bit: - HKCU WinNT: Load - (C:\Users\****\AppData\Local\Temp\csrss.exe) - C:\Users\****\AppData\Local\Temp\csrss.exe ()
F3 - HKCU WinNT: Load - (C:\Users\****\AppData\Local\Temp\csrss.exe) - C:\Users\****\AppData\Local\Temp\csrss.exe ()
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55515
FF - prefs.js..network.proxy.type: 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55515
PRC - C:\Users\****\AppData\Local\Temp\csrss.exe ()
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
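The entries selected in the fix script above share a few recognisable traits: Windows system process names started from user-writable folders, executables dropped directly into a data root, and a browser proxy pointing at the local machine. The following triage script is an added example, not part of any forum post and not OTL's own logic; the function names, reason labels and the assumption that the system drive is C: are illustrative choices.

```python
import re
from pathlib import PureWindowsPath

# System process names that appear in this thread's logs under user folders.
# Assumption: the genuine binaries are started from C:\Windows\System32.
SYSTEM_NAMES = {"csrss.exe", "conhost.exe", "dwm.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# A drive-rooted path ending in .exe; '=' and ':' are excluded so that a
# "shortcut = target" line yields the target instead of one merged path.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^=:"<>|]+?\.exe', re.IGNORECASE)
LOOPBACK_PROXY = re.compile(r"proxy.*(127\.0\.0\.1|localhost)", re.IGNORECASE)


def path_reasons(raw_path):
    """Return the heuristic reasons why an executable path looks suspicious."""
    path = PureWindowsPath(raw_path)
    parent_parts = [part.lower() for part in path.parent.parts]
    reasons = []
    if path.name.lower() in SYSTEM_NAMES and str(path.parent).lower() != SYSTEM_DIR:
        reasons.append("system-name-outside-system32")
    if "temp" in parent_parts:
        reasons.append("runs-from-temp")
    if parent_parts and parent_parts[-1] in ("programdata", "roaming"):
        reasons.append("exe-in-data-root")
    return reasons


def analyze(lines):
    """Return (line_number, sorted reasons) for every line worth a closer look."""
    findings = []
    for number, line in enumerate(lines, start=1):
        reasons = set()
        if LOOPBACK_PROXY.search(line):
            reasons.add("loopback-proxy")
        for raw_path in EXE_PATH.findall(line):
            reasons.update(path_reasons(raw_path))
        if reasons:
            findings.append((number, sorted(reasons)))
    return findings


# Lines 1-6 are copied from the fix script in the post above (user name masked
# as **** by the poster); line 7 is constructed here as a benign contrast.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [conhost] C:\Users\****\AppData\Roaming\Microsoft\conhost.exe ()",
    r"O4 - HKCU..\Run: [sCRrtWXnjAgI] C:\ProgramData\sCRrtWXnjAgI.exe (FPAV)",
    r"O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu"
    r"\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe (Xfire Inc.)",
    r"F3 - HKCU WinNT: Load - (C:\Users\****\AppData\Local\Temp\csrss.exe)"
    r" - C:\Users\****\AppData\Local\Temp\csrss.exe ()",
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r"IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:"
    r' "ProxyServer" = http=127.0.0.1:55515',
    r"PRC - C:\Windows\System32\csrss.exe (Microsoft Corporation)",
]

if __name__ == "__main__":
    for number, reasons in analyze(SAMPLE_LINES):
        print(f"line {number}: {', '.join(reasons)}")
        print(f"    {SAMPLE_LINES[number - 1]}")
```

A hit is a prompt for manual review, not a verdict: legitimate software also runs from these folders, and malware can sit anywhere.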
28.03.2011, 18:50 | #13 |
| The toolbar part worked. I had no idea how much cr... I had in there. So, I took your log file, adjusted it in the editor for the name (replaced all **** with the correct USER name) and pasted it into the text field of OTL. After the fix, here is the resulting log file:

All processes killed
========== OTL ==========
ADS C:\Windows:6A7BF95613718B6A deleted successfully.
ADS C:\ProgramData\TEMP:6971CCC5 deleted successfully.
File C:\Users\****\AppData\Roaming\dwm.exe not found.
C:\Users\****\AppData\Roaming\A748.111 moved successfully.
File C:\ProgramData\sCRrtWXnjAgI.exe not found.
File C:\Users\****\AppData\Roaming\dwm.exe not found.
C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36d21537-97bb-11df-9a93-001d7dd02838}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36d21537-97bb-11df-9a93-001d7dd02838}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36d21537-97bb-11df-9a93-001d7dd02838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36d21537-97bb-11df-9a93-001d7dd02838}\ not found.
File F:\Startme.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\conhost not found.
File C:\Users\****\AppData\Roaming\Microsoft\conhost.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sCRrtWXnjAgI not found.
File C:\ProgramData\sCRrtWXnjAgI.exe not found.
C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk moved successfully.
C:\Program Files (x86)\Xfire\xfire.exe moved successfully.
File C:\Users\****\AppData\Local\Temp\csrss.exe not found.
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\****\AppData\Local\Temp\csrss.exe deleted successfully.
File C:\Users\****\AppData\Local\Temp\csrss.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\****\AppData\Local\Temp\csrss.exe deleted successfully.
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 55515 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
No active process named csrss.exe was found!
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sandy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ****
->Temp folder emptied: 895482 bytes
->Temporary Internet Files folder emptied: 8194028 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49760298 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3954 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 03282011_194440

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot... |
28.03.2011, 19:46 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix - a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |
28.03.2011, 20:12 | #15 |
| CoFi runs faster than I thought. Here are the logs: Combofix Logfile: Code:
ATTFilter ComboFix 11-03-28.01 - **** 28.03.2011 21:01:59.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.2778 [GMT 2:00] ausgeführt von:: c:\users\****\Desktop\cofi.exe.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\hpeAF06.dll c:\users\****\eac-0.99pb3.exe c:\users\****\EULA.txt c:\users\****\EZCD_Setup.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-02-28 bis 2011-03-28 )))))))))))))))))))))))))))))) . . 2011-03-28 17:44 . 2011-03-28 17:44 -------- d-----w- C:\_OTL 2011-03-28 15:08 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2BB97D4-342C-4664-BC3A-7DC769C7E215}\mpengine.dll 2011-03-26 19:51 . 2011-03-26 19:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-03-26 19:51 . 2011-03-26 19:51 -------- d-----w- c:\users\****\AppData\Roaming\SUPERAntiSpyware.com 2011-03-26 19:51 . 2011-03-26 19:51 -------- d-----w- c:\programdata\!SASCORE 2011-03-26 19:51 . 2011-03-28 13:44 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-03-26 17:31 . 2011-03-26 17:31 -------- d-----w- c:\users\****\AppData\Roaming\Malwarebytes 2011-03-26 17:31 . 2011-03-26 17:31 -------- d-----w- c:\programdata\Malwarebytes 2011-03-26 17:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-03-26 17:31 . 2011-03-26 17:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-03-26 17:31 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-25 18:22 . 2011-03-25 18:22 -------- d-----w- c:\program files (x86)\ERUNT 2011-03-20 09:43 . 
2011-03-20 09:43 -------- d-----w- c:\program files (x86)\PhotomatixPro4
2011-03-20 09:43 . 2011-03-20 09:43 -------- d-----w- c:\users\****\AppData\Roaming\HDRsoft
2011-03-09 22:24 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 22:24 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 22:24 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 22:24 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 22:24 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 22:24 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 22:24 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 22:24 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 22:24 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 22:24 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 22:24 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
2011-03-09 22:24 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-07 19:36 . 2011-03-07 19:36 -------- d-----w- c:\users\****\AppData\Roaming\Avira
2011-02-27 10:43 . 2011-02-27 10:43 -------- d-----w- c:\users\****\AppData\Roaming\ZoomBrowser EX
2011-02-27 10:37 . 2011-02-27 10:41 -------- d-----w- c:\users\****\AppData\Local\CANON_INC
2011-02-27 10:35 . 2011-02-27 10:35 -------- d-----w- c:\users\****\AppData\Roaming\Canon
2011-02-27 10:33 . 2011-02-27 10:33 -------- d-----w- c:\programdata\ZoomBrowser
2011-02-27 10:32 . 2011-02-27 10:34 -------- d-----w- c:\program files (x86)\Canon
2011-02-27 10:31 . 2011-02-27 10:31 -------- d-----w- c:\program files (x86)\Common Files\Canon
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-02-26 01:19 . 2011-02-26 01:19 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2011-02-02 20:40 . 2010-04-16 17:39 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 16:11 . 2009-10-03 13:10 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-18 18:57 . 2009-03-24 20:26 270776 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-01-18 18:57 . 2008-04-10 22:00 270776 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-01-18 18:56 . 2008-04-10 22:00 215152 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-01-15 13:49 . 2008-04-10 22:00 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-01-08 09:03 . 2011-02-09 20:30 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 08:47 . 2011-02-09 20:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-08 06:45 . 2011-02-09 20:30 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 06:28 . 2011-02-09 20:30 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-08 03:27 . 2011-02-12 09:09 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-01-08 03:27 . 2011-02-12 09:09 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-12 09:09 6604904 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-12 09:09 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-01-08 03:27 . 2011-02-12 09:09 5653096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-01-08 03:27 . 2011-02-12 09:09 4941928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-01-08 03:27 . 2011-02-12 09:09 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-12 09:09 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-01-08 03:27 . 2011-02-12 09:09 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-12 09:09 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-12 09:09 20471912 ----a-w- c:\windows\system32\nvoglv64.dll
2011-01-08 03:27 . 2011-02-12 09:09 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-01-08 03:27 . 2011-02-12 09:09 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-12 09:09 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-01-08 03:27 . 2011-02-12 09:09 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-01-08 03:27 . 2011-02-12 09:09 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-01-08 03:27 . 2011-02-12 09:09 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-01-08 03:27 . 2011-02-12 09:09 12961640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-02-12 09:09 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-01-08 03:27 . 2007-12-11 15:06 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-01-08 03:27 . 2007-12-11 15:06 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-01-07 19:50 . 2011-01-07 19:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-07 19:50 . 2011-01-07 19:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 19:49 . 2011-01-07 19:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-07 19:49 . 2011-01-07 19:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 19:49 . 2011-01-07 19:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 19:49 . 2011-01-07 19:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
2010-12-31 14:16 . 2011-02-09 20:30 2757632 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-17 1242448]
"Sony Ericsson PC Suite"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2988488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-11 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-8 113664]
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2008-7-13 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate1c9f673eccd7262;Google Update Service (gupdate1c9f673eccd7262);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [x]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [x]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [x]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [x]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [x]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [x]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [x]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [x]
R3 Ser2pl64;Prolific Serial port driver;c:\windows\system32\DRIVERS\ser2pl64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-11 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [x]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\DRIVERS\V0330Vid.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-26 15:36]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-26 15:36]
.
2011-03-28 c:\windows\Tasks\RtlVistaStart.job
- c:\program files (x86)\REALTEK PCI&Cardbus Wireless LAN Driver and Utility\RtWLan.exe [2008-04-10 11:11]
.
2011-03-28 c:\windows\Tasks\User_Feed_Synchronization-{E6D8AD8D-8C04-436D-8FED-9272D6C69435}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"RtHDVCpl"="RAVCpl64.exe" [2008-02-13 5684736]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 374808]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 3040280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Free YouTube to Mp3 Converter - c:\users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\v4itc736.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Ext: Simple Dyyno Launcher: NPDyyno@dyyno.com - %profile%\extensions\NPDyyno@dyyno.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Elf 1.13 Community Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - %profile%\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}
FF - Ext: Productivity 2 Community Toolbar: {795828a9-f271-43a8-8536-4484bb991d3d} - %profile%\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files (x86)\Google\Google Gears\Firefox
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
Wow6432Node-HKLM-Run-NWEReboot - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-{D6BF6477-8369-489F-8DE6-3731F4B88560} - c:\windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-03-28 21:08:37
ComboFix-quarantined-files.txt 2011-03-28 19:08
.
Vor Suchlauf: 12 Verzeichnis(se), 84.154.937.344 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 84.059.504.640 Bytes frei
.
- - End Of File - - 658092516DFD5ECAE2031098A7799C3C |