Log analysis and evaluation: Java/Runner.1458 - HJT log file evaluation
26.03.2011, 19:44 | #1
Java/Runner.1458 - HJT log file evaluation

Hello, I'm new here, found you via Google. AntiVir gave me the message that Java/Runner.1458 was found... I have now downloaded HJT and let it run. Can someone please help me with evaluating the log, and with what else I can do?

EDIT: I hadn't read the forum rules carefully enough; I have now learned that one shouldn't post HJT logs, okay... I'll keep reading now and then post the results of the other programs.

I have now run ERUNT, OTL, TFC etc.; here is the extras.txt

OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 26.03.2011 20:05:35 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Matthias\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free 16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 659,10 Gb Free Space | 70,76% Space Free | Partition Type: NTFS Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: 
Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = BF E0 69 5C 99 46 CA 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11D203CB-C317-48CF-9223-2A0B13BC9D98}" = lport=137 | protocol=17 | dir=in | app=system | "{1F23AA1F-5D90-4575-B094-35165278D8C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{34712D5C-1EDF-404B-84C2-E7CA32EC284F}" = rport=139 | protocol=6 | dir=out | app=system | "{37DF2716-F059-43FD-8207-7327FC782B85}" = rport=138 | protocol=17 | dir=out | app=system | "{434280A6-1720-4B8B-8D73-FA6E0B455043}" = lport=138 | protocol=17 | dir=in | app=system | "{4B662221-736E-469F-8629-5320420A9AC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{57B0B379-52EB-4718-8DCD-A5E33C181D5E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5D492C94-2FD8-4E81-A035-43C56BE701ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7B80B710-F363-4BEF-98CA-B05C7F158F89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AFCAC2C0-4757-412E-9862-6BE92BCB0B25}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{B3F86A8A-CA19-4B53-A1A5-92B7ECA13530}" = rport=445 | protocol=6 | dir=out | app=system | "{C1A1ACD1-C9F6-4B14-944A-8466D23BCDBF}" = 
lport=2869 | protocol=6 | dir=in | app=system | "{C33637AD-281C-4766-9A9F-7649D3C72942}" = lport=139 | protocol=6 | dir=in | app=system | "{D635EF05-1CBA-46A5-95FD-D0A81F9551C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DD1C3FC9-21EE-4E06-A5BE-86D0DDCBCD22}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E74EDDBA-2D6B-4171-952C-7767B5E40AE9}" = rport=10243 | protocol=6 | dir=out | app=system | "{E9701BC8-EFBA-4270-82C0-69A5DC487310}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EF75AEF2-408B-4ACF-BE4B-98A67486136A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F1B56667-A9F8-41F7-B3DB-8C88E2F193C4}" = lport=10243 | protocol=6 | dir=in | app=system | "{F32CAF4E-2906-4B0B-8B76-E8BB3CF85FB4}" = lport=2869 | protocol=6 | dir=in | app=system | "{F589AFE0-ED0C-487A-87E4-5F416F7F645F}" = lport=445 | protocol=6 | dir=in | app=system | "{F6B585FC-6714-4461-8765-51F89936EA52}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06D6F543-EC3E-463F-BCB2-3252AC4D6062}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "{0C922C4B-96C2-4B85-A039-4C557EA5042A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0EED238A-08CA-4374-A77A-67BB4DCD6E72}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1B0836CC-97DB-457C-8ED1-2855FC106F6F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1B600E41-6D95-4A5E-9F54-3CD5959AA62E}" = protocol=17 | dir=in | app=c:\program files (x86)\delta force xtreme 2\update.exe | "{1B8F49B2-76F2-41C3-AE6A-D23963DA7123}" = protocol=17 | dir=in | app=c:\program files 
(x86)\microsoft office\office12\onenote.exe | "{1C80E224-27FD-4DA8-B4C4-38175ED85D02}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "{1DFEC4E3-A25F-43BA-B85E-3338E2AA4D53}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{24AE2CA0-3323-4A09-A52E-00542C71A620}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{29C9FD04-8D2B-4D0A-BCB2-1B1706D2EF0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2B3752C9-F6FF-4A2C-9D71-45F3793B792B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{39A671E1-46BE-4BC3-8476-4A3305E9D172}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3D73966A-EE7C-4015-A069-4963975049C4}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield bad company 2\bfbc2updater.exe | "{46BA0B7B-4194-43A5-AFCA-96DBBA6DE87C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4F133EB1-6D0D-4031-8394-FCA0406F10E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{58410F7A-EF7C-4669-8E0F-D2AE9AE3E877}" = protocol=6 | dir=in | app=c:\program files (x86)\delta force xtreme 2\dfx2.exe | "{5D6647F2-9C6F-4FDB-ACB7-305A23C219BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6100D28B-7F99-4A43-AE72-470D88C0D305}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield bad company 2\bfbc2updater.exe | "{641A11AE-8A3F-4DD5-9E1D-9014310863FE}" = protocol=6 | dir=in | app=c:\program files (x86)\delta force xtreme 2\update.exe | "{682F9874-A480-44B2-80CD-120BD7B03067}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "{69B0CDCD-BEC9-4BFA-8218-12E8E2A58EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{7311A073-AE22-481A-89CE-5F673E334D20}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{776FCAAB-5747-436B-AC03-8DA76C7CE289}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "{77C17C82-4584-40E0-9EBC-096B9906438F}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{909A507C-EDA1-4A83-A20D-3227519C52FC}" = protocol=6 | dir=in | app=c:\program files (x86)\call of juarez - bound in blood\cojbibgame_x86.exe | "{99CB4891-6457-4E7E-88D9-C70577347A43}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9C7EB01D-4BB7-4587-A475-3D3D5FF9BC71}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A60192FE-7451-4D06-A51D-814D911DD63E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{B3156050-4FC3-451E-8975-59D8DD09A158}" = protocol=17 | dir=in | app=c:\program files (x86)\delta force xtreme 2\dfx2.exe | "{BC79F866-AAF4-48C3-BC87-E0918A7DD2D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C3536E41-AE50-4F07-967E-2FC87E644583}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "{C36E1B9F-985B-4CD8-8A1C-961BDA414974}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CDD6EA60-6BCD-437A-A745-5F6FEF5E2BB6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{D49D1720-713D-4FE4-A28A-9E1F659ADE52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D9CED760-773E-47E5-B345-20E9E3A61677}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E034FCAE-A08D-4698-B5B2-3072C694BDCA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E458A433-691B-4C80-811C-8B579807A14A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E9848A1B-381B-48A6-AF3B-727B5B5605CE}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{EE835710-6F7F-40D5-BA76-ECA33145A8D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F5723870-1091-4E4C-9225-F66C29439594}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F6660647-CBC3-4BE2-868E-EDC06D9D7818}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F7FC7123-989A-4631-8C0F-25495B269D72}" = protocol=6 | dir=out | app=system | "{F96AFA2C-7DC0-49B2-AE24-98AF5AF9091B}" = protocol=17 | dir=in | app=c:\program files (x86)\call of juarez - bound in blood\cojbibgame_x86.exe | "{FCD9F0EC-5604-4466-979C-E4FE233931FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "TCP Query User{0CA623E4-692A-4EEB-9973-A588F5360929}C:\program files (x86)\steam\steamapps\maaatze\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\maaatze\half-life 2 deathmatch\hl2.exe | "TCP Query User{100D6BC7-B91D-4A30-B4B5-1C097F9EF69A}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "TCP Query User{20052818-B473-4D65-AD02-94DAC4299D0A}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{2CE50DED-B0B3-4E7C-92D9-DFA3764031E7}C:\users\matthias\downloads\cryptload_1.1.6\cryptload_1.1.6\routerclient.exe" = protocol=6 | dir=in | app=c:\users\matthias\downloads\cryptload_1.1.6\cryptload_1.1.6\routerclient.exe | "TCP Query User{406AC241-D829-4CD6-8845-AC253F93A459}C:\program files (x86)\vietcong\vietcong.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vietcong\vietcong.exe | "TCP Query User{4341E897-D2BA-40EE-9D9E-EAC5C8CECFE2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{449339B5-B80B-4856-BC94-19F21E527DD1}C:\program files 
(x86)\steam\steamapps\maaatze\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\maaatze\counter-strike source\hl2.exe | "TCP Query User{574D88E2-C340-4ACE-B815-3ED03924621E}C:\program files (x86)\ea games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield bad company 2\bfbc2game.exe | "TCP Query User{60D74AC2-047C-4908-89C0-B4C21D54A476}C:\program files (x86)\routercontrol\routercontrol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\routercontrol\routercontrol.exe | "TCP Query User{622432E8-B151-4F67-A468-73B68DACF245}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{8AEBAD08-44EF-4F89-B7B8-0BB3F2273349}C:\program files (x86)\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files (x86)\far cry\bin32\farcry.exe | "TCP Query User{A2018276-36BF-4E67-9B11-2075F384BE53}C:\program files (x86)\gta 1\gtawin\grand theft auto.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gta 1\gtawin\grand theft auto.exe | "TCP Query User{D613A188-4D8A-42F6-8846-3C54F47859E9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{DFC55674-B75D-4E09-90F1-0DDDBF7A8641}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{0591357E-4900-4B2C-957C-550F82499A26}C:\program files (x86)\ea games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield bad company 2\bfbc2game.exe | "UDP Query User{0CF5BD33-545F-4B93-8ED8-FD83F1EABB1B}C:\program files (x86)\steam\steamapps\maaatze\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\maaatze\half-life 2 deathmatch\hl2.exe | "UDP Query 
User{2D20D7C0-6DC2-4F04-AC92-1C0DCAD09846}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{425107BF-BC3E-4F0B-BA1B-682E94559D40}C:\program files (x86)\routercontrol\routercontrol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\routercontrol\routercontrol.exe | "UDP Query User{4E2581B4-CE97-4C01-8EEF-1683C452EADF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{76179583-3C9E-4CD7-9BEF-DB878B5164AF}C:\program files (x86)\gta 1\gtawin\grand theft auto.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gta 1\gtawin\grand theft auto.exe | "UDP Query User{76E2BE5F-D3DB-4D4E-957B-1EA7ED1C5493}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{97177426-85D3-4911-9A0A-ADAC54F5756F}C:\program files (x86)\vietcong\vietcong.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vietcong\vietcong.exe | "UDP Query User{9963B919-7D39-4034-BA14-867B57BE9CAA}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{A4712828-F5A0-4DDC-8C12-FDA0790F6302}C:\program files (x86)\steam\steamapps\maaatze\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\maaatze\counter-strike source\hl2.exe | "UDP Query User{A6FE981E-46C1-43CA-BCB7-2C4980B7A96D}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{C7DC35E5-268D-40BA-8C82-18279ABEDF26}C:\users\matthias\downloads\cryptload_1.1.6\cryptload_1.1.6\routerclient.exe" = protocol=17 | dir=in | app=c:\users\matthias\downloads\cryptload_1.1.6\cryptload_1.1.6\routerclient.exe | "UDP Query User{C873F64D-771E-48FB-A611-3A0DFB9C3268}C:\program files 
(x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{E89C72B1-3A8E-45B2-A5C6-E2AA07FE7B92}C:\program files (x86)\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files (x86)\far cry\bin32\farcry.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer "{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client "C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam 
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24 "{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}" = LightScribe System Software "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{535A4F3D-06C3-446C-A2AA-DBB71EC192B8}" = LightScribe Applications "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.3.190b "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry 
(Patch 1.4) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 
Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.9
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CDex" = CDex - Open Source Digital Audio CD Extractor
"C-Media USB2.0 Card Reader" = C-Media USB2.0 Card Reader
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDFab HD Decrypter 4_is1" = DVDFab HD Decrypter 4.0.1.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Grand Theft Auto" = Grand Theft Auto
"HijackThis" = HijackThis 2.0.2
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"IrfanView" = IrfanView (remove only)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Power DVD Rip Studio_is1" = Power DVD Rip Studio v1.1.7.51
"PROHYBRIDR" = 2007 Microsoft Office system
"RouterControl" = RouterControl 2.0
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.02.2011 05:36:36 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.02.2011 14:49:03 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Error - 21.02.2011 14:49:07 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error - 21.02.2011 14:49:09 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error - 21.02.2011 14:50:45 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error - 21.02.2011 14:50:46 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error - 22.02.2011 06:53:33 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.02.2011 06:11:27 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.02.2011 07:25:57 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.02.2011 11:49:17 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 22.03.2011 17:17:51 | Computer Name = Matthias-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 23.03.2011 10:40:04 | Computer Name = Matthias-PC | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.

Error - 23.03.2011 17:02:28 | Computer Name = Matthias-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 25.03.2011 09:55:54 | Computer Name = Matthias-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 26.03.2011 08:44:51 | Computer Name = Matthias-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 26.03.2011 09:24:17 | Computer Name = Matthias-PC | Source = bowser | ID = 8003
Description =

Error - 26.03.2011 09:36:33 | Computer Name = Matthias-PC | Source = DCOM | ID = 10005
Description =

Error - 26.03.2011 09:36:34 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 26.03.2011 09:36:34 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26.03.2011 14:56:18 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7031
Description =

< End of report >

and the otl.txt OTL Logfile:
Code:
OTL logfile created on: 26.03.2011 20:05:35 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Matthias\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 659,10 Gb Free Space | 70,76% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.03.26 19:55:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
PRC - [2011.03.24 21:10:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.12.09 19:20:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.12.21 06:45:56 | 000,039,424 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009.08.05 13:08:08 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.09 12:57:23 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.05.19 12:49:00 | 003,449,344 | ---- | M] (Mirko Böer) -- C:\Program Files (x86)\RouterControl\RouterControl.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.03.12 12:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.03.12 12:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

========== Modules (SafeList) ==========

MOD - [2011.03.26 19:55:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msshsq.dll
MOD - [2010.04.18 18:33:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010.01.24 22:05:53 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2008.01.21 03:51:11 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll
MOD - [2006.11.02 09:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.12.09 19:20:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.28 16:11:42 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.08.05 13:08:08 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.09 12:57:23 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.08 17:13:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009.12.07 19:38:13 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.07.31 09:55:42 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2008.10.16 14:08:08 | 000,183,296 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007.06.13 08:55:56 | 001,272,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2007.01.15 15:13:18 | 000,160,256 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\cmiucr_x64.SYS -- (CMIUCR)
DRV:64bit: - [2006.09.18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.bearshare.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 21:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.26 14:37:52 | 000,000,000 | ---D | M]

[2009.05.12 14:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2011.03.26 14:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions
[2010.10.24 20:45:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.12 19:31:48 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010.07.26 18:00:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.07.13 17:47:07 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions\moveplayer@movenetworks.com
[2010.04.12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\qz1zjgjf.default\searchplugins\BearShareWebSearch.xml
[2009.10.06 17:10:14 | 000,000,876 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\qz1zjgjf.default\searchplugins\conduit.xml
[2011.03.24 19:30:25 | 000,000,944 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\qz1zjgjf.default\searchplugins\icqplugin.xml
[2011.03.26 15:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.07 21:21:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.03.23 22:19:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2010.03.23 22:19:46 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.23 22:19:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.23 22:19:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.23 22:19:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O4:64bit: - HKLM..\Run: [Cmiboot] C:\Windows\cmiboot.exe ()
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files (x86)\Corel VideoStudio 12\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [RouterControl] C:\PROGRA~2\ROUTER~1\ROUTERCONTROL.EXE (Mirko Böer)
O4 - HKCU..\Run: [settdebugx.exe] File not found
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.97 217.0.43.113
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 07:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{5494ab9a-e12c-11df-a596-001fd098b615}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\copy.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.03.26 20:02:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.26 20:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.03.26 20:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.03.26 19:55:04 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Matthias\Desktop\Erunt-setup.exe
[2011.03.26 19:55:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2011.03.26 19:55:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\TFC.exe
[2011.03.26 18:09:56 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\Trust Spacec@m 350 Portable 10_12_2001
[2011.03.26 14:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.03.26 14:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.03.26 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\My Received Files
[2011.03.26 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\BearShare
[2011.03.26 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\BearShare
[2011.03.26 14:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BearShare Applications
[2011.03.26 14:15:34 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\PackageAware
[2011.03.07 21:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.07 21:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.03.04 08:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.02.24 21:58:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011.02.24 21:58:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2009.07.31 09:55:42 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Matthias\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011.03.26 20:02:19 | 000,000,943 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.26 20:02:15 | 000,000,763 | ---- | M] () -- C:\Users\Matthias\Desktop\NTREGOPT.lnk
[2011.03.26 20:02:15 | 000,000,744 | ---- | M] () -- C:\Users\Matthias\Desktop\ERUNT.lnk
[2011.03.26 19:58:50 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.26 19:58:50 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.26 19:58:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.26 19:56:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Matthias\Desktop\Erunt-setup.exe
[2011.03.26 19:55:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2011.03.26 19:55:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\TFC.exe
[2011.03.26 16:27:42 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.03.26 16:27:42 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.26 16:26:39 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.03.26 14:37:52 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.21 19:16:21 | 000,105,607 | ---- | M] () -- C:\Users\Matthias\Desktop\199584_10150454869905537_867485536_17597857_2658710_n.jpg
[2011.03.21 19:16:06 | 000,064,524 | ---- | M] () -- C:\Users\Matthias\Desktop\bulldog.jpg
[2011.03.17 21:02:18 | 000,081,408 | ---- | M] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.13 12:40:23 | 000,005,701 | ---- | M] () -- C:\Users\Matthias\Desktop\Anleitung.html

========== Files Created - No Company Name ==========

[2011.03.26 20:02:19 | 000,000,943 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.26 20:02:15 | 000,000,763 | ---- | C] () -- C:\Users\Matthias\Desktop\NTREGOPT.lnk
[2011.03.26 20:02:15 | 000,000,744 | ---- | C] () -- C:\Users\Matthias\Desktop\ERUNT.lnk
[2011.03.26 14:36:49 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.03.26 14:36:49 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.21 19:16:20 | 000,105,607 | ---- | C] () -- C:\Users\Matthias\Desktop\199584_10150454869905537_867485536_17597857_2658710_n.jpg
[2011.03.21 19:16:05 | 000,064,524 | ---- | C] () -- C:\Users\Matthias\Desktop\bulldog.jpg
[2011.03.13 12:41:14 | 000,005,701 | ---- | C] () -- C:\Users\Matthias\Desktop\Anleitung.html
[2011.02.24 21:55:35 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011.02.24 21:55:35 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2011.02.24 21:55:35 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011.02.24 21:55:35 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2011.02.24 21:55:35 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011.02.24 21:55:35 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010.12.10 17:13:02 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.11.20 13:45:15 | 000,007,420 | ---- | C] () -- C:\Windows\UA000106.DLL
[2010.11.20 13:44:16 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010.11.20 13:44:16 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010.11.20 13:44:16 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010.11.20 13:44:16 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010.11.20 13:44:16 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010.11.20 13:44:16 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010.05.26 21:57:04 | 000,000,012 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\vqdlkr.dat
[2010.05.26 21:57:02 | 000,000,004 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\avdrn.dat
[2010.01.10 20:04:55 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009.09.24 16:55:43 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.24 16:55:12 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.09.24 16:54:54 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.31 09:56:23 | 000,001,044 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\vso_ts_preview.xml
[2009.07.31 09:55:42 | 000,099,384 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\inst.exe
[2009.07.31 09:55:42 | 000,007,859 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\pcouffin.cat
[2009.07.31 09:55:42 | 000,001,167 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\pcouffin.inf
[2009.07.17 11:17:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.07.01 11:52:48 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2009.05.29 15:09:47 | 000,000,415 | ---- | C] () -- C:\Windows\COVERE~1.INI
[2009.05.29 13:47:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.29 12:36:06 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.05.24 17:07:45 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2009.05.15 19:39:13 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.05.15 19:27:59 | 000,266,400 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009.05.15 19:27:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.05.13 16:28:25 | 000,001,460 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps64.dat
[2009.05.13 16:16:39 | 000,081,408 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.12 15:17:42 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.05.08 17:24:07 | 001,457,008 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.05.08 17:14:24 | 000,464,384 | ---- | C] () -- C:\Windows\CmiUCRUninstall_x64.exe
[2009.05.08 17:14:24 | 000,311,296 | ---- | C] () -- C:\Windows\CmiUCRUninstall.exe
[2009.05.08 17:14:24 | 000,000,112 | ---- | C] () -- C:\Windows\CMICARDREADER.INI
[2009.05.08 17:14:22 | 000,480,256 | ---- | C] () -- C:\Windows\CmUCREye_x64.exe
[2009.05.08 17:14:21 | 000,065,536 | ---- | C] () -- C:\Windows\cmiboot.exe
[2009.05.08 17:10:08 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2009.05.08 17:09:33 | 000,105,472 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.dll
[2009.05.08 17:09:33 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.dll
[2009.01.22 21:57:48 | 000,001,669 | ---- | C] () -- C:\Windows\P17EP.ini
[2009.01.22
21:57:48 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini [2009.01.22 21:57:47 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll [2005.10.14 10:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll [2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- 
C:\Windows\SysWow64\OggDS.dll [2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll [2002.07.05 15:12:06 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\authdvd.dll [2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000107.DLL ========== LOP Check ========== [2009.05.14 19:12:26 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ashampoo [2009.05.13 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Canneverbe_Limited [2010.07.26 18:00:20 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.17 17:30:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ [2009.06.26 17:26:49 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView [2010.06.30 19:53:26 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\kikin [2010.11.22 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ulead Systems [2010.06.30 20:00:47 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Vso [2011.03.26 19:57:17 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2009.05.12 14:40:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.12.17 22:03:26 | 000,000,000 | ---D | M] -- C:\1f9699514da1f8c0ffaddd793eab79d4 [2011.01.13 22:37:29 | 000,000,000 | ---D | M] -- C:\8247d2f605c7668ba6e78c [2009.10.06 16:26:08 | 000,000,000 | -HSD | M] -- C:\Boot [2009.05.29 15:18:56 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp [2011.03.26 19:58:42 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.05.12 14:36:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.05.24 02:43:29 | 000,000,000 | ---D | M] -- C:\Download [2009.05.08 16:53:37 | 000,000,000 | ---D | M] -- C:\Intel [2009.05.08 17:18:03 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.05.13 16:31:01 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.02.21 19:50:32 | 000,000,000 | R--D | M] -- C:\Programme [2011.03.26 20:02:15 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.03.26 19:58:41 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.05.12 14:36:15 | 000,000,000 | -HSD | M] -- C:\Programme [2011.03.26 20:07:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.11.12 19:31:49 | 000,000,000 | R--D | M] -- C:\Users [2011.03.26 20:02:47 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) 
MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: USERINIT.EXE > [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- 
C:\Windows\SysWOW64\wininit.exe [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2009.05.29 15:10:20 | 000,000,000 | ---D | M](C:\Users\Matthias\AppData\Roaming\???????sAppData) -- C:\Users\Matthias\AppData\Roaming\敎潲䍄敔灭慬整sAppData
[2009.05.29 15:10:20 | 000,000,000 | ---D | M](C:\Users\Matthias\AppData\Roaming\???????sAppData) -- C:\Users\Matthias\AppData\Roaming\敎潲䍄敔灭慬整sAppData
(C:\Users\Matthias\AppData\Roaming\???????sAppData) -- C:\Users\Matthias\AppData\Roaming\敎潲䍄敔灭慬整sAppData

< End of report >

Thanks in advance... what else can I do? Regards

Regards & thanks in advance. Double post, sorry, a bit hectic today.. |
28.03.2011, 11:09 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/Runner.1458 - HJT logfileauswertung Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logs" tab.
|
28.03.2011, 18:50 | #3 |
| Java/Runner.1458 - HJT logfileauswertung Thanks for now. I have just run Malwarebytes (full scan):
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6198

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.03.2011 19:49:49
mbam-log-2011-03-28 (19-49-49).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 333859
Time elapsed: 54 minute(s), 15 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 1
Registry values infected: 1
Registry data items infected: 0
Folders infected: 0
Files infected: 5

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe (Trojan.FakeAlert) -> Value: settdebugx.exe -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
c:\program files (x86)\xxxx\ (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Matthias\downloads\xxxxxx\(Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Matthias\downloads\xxxxxx\(Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Matthias\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\programdata\sysreserve.ini (Malware.Trace) -> Quarantined and deleted successfully. |
29.03.2011, 13:00 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/Runner.1458 - HJT logfileauswertung Quote:
__________________ Please always post logfiles in CODE tags |
29.03.2011, 18:56 | #5 |
| Java/Runner.1458 - HJT logfileauswertung It is the template for my report booklet from my apprenticeship, pulled from the training PC. Avira already raised an alarm when I tried to copy it onto my HDD, which I then did anyway. The training PC has no virus protection... |
29.03.2011, 19:19 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/Runner.1458 - HJT logfileauswertung What kind of templates are they? File type?
|
29.03.2011, 19:30 | #7 |
| Java/Runner.1458 - HJT logfileauswertung IHK templates for a report booklet that you keep during the apprenticeship. Censored because the file name contained my first and last name. File type was .doc or .docx. Regards |
29.03.2011, 19:43 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/Runner.1458 - HJT logfileauswertung If they come directly from the IHK, I find it hard to imagine that they are really malicious/virulent, and I would rather assume a false positive. Do an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 07:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{5494ab9a-e12c-11df-a596-001fd098b615}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\copy.exe
O4 - HKCU..\Run: [settdebugx.exe] File not found
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not completely deleted, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.
|
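As an added example (not code from this thread, from the helper, or from OTL itself), here is a small Python triage script for the two kinds of OTL lines the fix above acts on: O4 entries (Run keys) and O33 entries (MountPoints2 autorun commands). It flags Run values whose target no longer exists, and autorun commands that launch a program through RunDLL32 Shell32.DLL,ShellExec_RunDLL, the indirection in the I:\copy.exe entry that hides the real target behind a signed system binary. The sample lines are constructed after the entries in this thread, and the regular expressions are my own assumptions about OTL's line format, not OTL documentation. Unlike the helper's script, the generated fix keeps only the flagged lines and leaves the game disc's own D:\AutoRun.exe entry alone.

```python
"""Triage helper for OTL log lines (added example; not part of the thread or of OTL).

Parses the O4 (Run key) and O33 (MountPoints2 autorun) entries in the
format OTL prints and flags what the helper's fix script removed:
  * Run values whose target file is missing ("File not found"), and
  * MountPoints2 autorun commands that launch a program through
    RunDLL32 Shell32.DLL,ShellExec_RunDLL (an indirection that hides the
    real target, here an executable on another drive letter).
The regexes below are assumptions about OTL's line format derived from the
entries in this thread, not OTL documentation.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, modelled on the O4/O33 lines of the fix script above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [settdebugx.exe] File not found
O33 - MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{5494ab9a-e12c-11df-a596-001fd098b615}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\copy.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$')
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell\\AutoRun\\command'
    r' - "" = (?P<command>.*?)(?: -- \[.*)?$')
# RunDLL32 ... ShellExec_RunDLL <real program>: the last argument is what actually runs.
SHELLEXEC_RE = re.compile(
    r'rundll32(?:\.exe)?\s+shell32\.dll,ShellExec_RunDLL\s+(?P<real>\S.*)$', re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # 'orphaned-run-value', 'autorun' or 'autorun-indirect-launch'
    detail: str  # short human-readable summary
    line: str    # the original OTL line, reusable verbatim in an :OTL fix


def real_target(command: str) -> str:
    """Return the program an autorun command ultimately launches."""
    m = SHELLEXEC_RE.search(command)
    return m.group('real').strip() if m else command.strip()


def drive_of(path: str) -> str:
    """'I:\\copy.exe' -> 'I:'; anything without a drive letter -> '?'."""
    return path[:2].upper() if len(path) > 1 and path[1] == ':' else '?'


def triage(log_text: str) -> List[Finding]:
    """Classify every O4/O33 line; lines in any other format are ignored."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = O4_RE.match(line)
        if m:
            if m.group('target') == 'File not found':
                findings.append(Finding('orphaned-run-value',
                                        f"{m.group('hive')}\\Run\\{m.group('name')}", line))
            continue
        m = O33_RE.match(line)
        if m:
            command = m.group('command')
            target = real_target(command)
            kind = 'autorun-indirect-launch' if SHELLEXEC_RE.search(command) else 'autorun'
            findings.append(Finding(kind, f"{drive_of(target)} -> {target}", line))
    return findings


def to_otl_fix(findings: List[Finding]) -> str:
    """Build a fix script in the layout used in this thread: the flagged lines
    under ':OTL', then the cleanup commands under ':Commands'.  Plain 'autorun'
    entries (a CD's own AutoRun.exe) are left out."""
    lines = [f.line for f in findings if f.kind != 'autorun']
    return '\n'.join([':OTL', *lines, ':Commands', '[purity]', '[resethosts]', '[emptytemp]'])


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f'{f.kind:24} {f.detail}')
    print()
    print(to_otl_fix(found))
```

Run it as-is to see the three classifications and the generated fix block; to use it on a real OTL log, pass the file contents to `triage()` instead of `SAMPLE_LOG`. The point of `real_target()` is that an O33 line's visible command is `RunDLL32.EXE`, a legitimate Microsoft binary, while the program that actually executes is whatever follows `ShellExec_RunDLL`; any check that only looks at the first token of the command line would miss it.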
20.04.2011, 19:39 | #9 | |
| Java/Runner.1458 - HJT logfileauswertung Hello, sorry first of all for the very late reply. Fortunately the exam is over now, and I can think about other things again, e.g. my PC. I did the OTL fix; the result: Quote:
Also, after a reboot I usually have the feeling that my computer is working on something; it rattles away quite a bit. Malware? Just now it did that for about an hour, until I did the reboot that OTL asked for; right now it can no longer be heard. Regards |
21.04.2011, 14:36 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/Runner.1458 - HJT logfileauswertung Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection prevents you from accessing your documents/My Documents, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Vista and 7 users must run the tool via right-click as Administrator!
|
10.05.2011, 11:47 | #11 | |
| Java/Runner.1458 - HJT logfileauswertung Hello, thanks for now. I ran TDSSKiller, no findings. Quote:
|
10.05.2011, 11:55 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/Runner.1458 - HJT logfileauswertung Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper ("Kompetenzler") has explicitly recommended it!
|