Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Java/Runner.1458 - HJT logfileauswertung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 26.03.2011, 18:44   #1
ricricric
 
Java/Runner.1458 - HJT logfileauswertung - Standard

Java/Runner.1458 - HJT logfileauswertung



Hallo, bin neu hier, durch google auf euch aufmerksam geworden.
habe durch antivir die meldung bekommen, dass java/runner.1458 gefunden wurde...
habe mir nun hjt runtergeladenen und durchlaufen lassen..
kann mir bitte jemand helfen bezügl. der logauswertung, und was ich sonst noch tun kann ?

EDIT: Hatte die Forenregeln nicht aufmerksam genug durchgelesen, habe jetzt erfahren, dass man keine hjt-logs posten soll, okay..werde jetzt weiterlesen und dann die ergebnisse der anderen progs posten..
Habe nun etrun otl tfc etc laufen lassen, hier
die extras.txt
OTL Logfile:

Code:
ATTFilter
OTL Extras logfile created on: 26.03.2011 20:05:35 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Matthias\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 659,10 Gb Free Space | 70,76% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = BF E0 69 5C 99 46 CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11D203CB-C317-48CF-9223-2A0B13BC9D98}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1F23AA1F-5D90-4575-B094-35165278D8C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{34712D5C-1EDF-404B-84C2-E7CA32EC284F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{37DF2716-F059-43FD-8207-7327FC782B85}" = rport=138 | protocol=17 | dir=out | app=system | 
"{434280A6-1720-4B8B-8D73-FA6E0B455043}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4B662221-736E-469F-8629-5320420A9AC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{57B0B379-52EB-4718-8DCD-A5E33C181D5E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5D492C94-2FD8-4E81-A035-43C56BE701ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B80B710-F363-4BEF-98CA-B05C7F158F89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFCAC2C0-4757-412E-9862-6BE92BCB0B25}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{B3F86A8A-CA19-4B53-A1A5-92B7ECA13530}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C1A1ACD1-C9F6-4B14-944A-8466D23BCDBF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C33637AD-281C-4766-9A9F-7649D3C72942}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D635EF05-1CBA-46A5-95FD-D0A81F9551C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DD1C3FC9-21EE-4E06-A5BE-86D0DDCBCD22}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E74EDDBA-2D6B-4171-952C-7767B5E40AE9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E9701BC8-EFBA-4270-82C0-69A5DC487310}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF75AEF2-408B-4ACF-BE4B-98A67486136A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F1B56667-A9F8-41F7-B3DB-8C88E2F193C4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F32CAF4E-2906-4B0B-8B76-E8BB3CF85FB4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F589AFE0-ED0C-487A-87E4-5F416F7F645F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F6B585FC-6714-4461-8765-51F89936EA52}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D6F543-EC3E-463F-BCB2-3252AC4D6062}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{0C922C4B-96C2-4B85-A039-4C557EA5042A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0EED238A-08CA-4374-A77A-67BB4DCD6E72}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1B0836CC-97DB-457C-8ED1-2855FC106F6F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1B600E41-6D95-4A5E-9F54-3CD5959AA62E}" = protocol=17 | dir=in | app=c:\program files (x86)\delta force xtreme 2\update.exe | 
"{1B8F49B2-76F2-41C3-AE6A-D23963DA7123}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1C80E224-27FD-4DA8-B4C4-38175ED85D02}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{1DFEC4E3-A25F-43BA-B85E-3338E2AA4D53}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{24AE2CA0-3323-4A09-A52E-00542C71A620}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{29C9FD04-8D2B-4D0A-BCB2-1B1706D2EF0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B3752C9-F6FF-4A2C-9D71-45F3793B792B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{39A671E1-46BE-4BC3-8476-4A3305E9D172}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3D73966A-EE7C-4015-A069-4963975049C4}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield bad company 2\bfbc2updater.exe | 
"{46BA0B7B-4194-43A5-AFCA-96DBBA6DE87C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4F133EB1-6D0D-4031-8394-FCA0406F10E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{58410F7A-EF7C-4669-8E0F-D2AE9AE3E877}" = protocol=6 | dir=in | app=c:\program files (x86)\delta force xtreme 2\dfx2.exe | 
"{5D6647F2-9C6F-4FDB-ACB7-305A23C219BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6100D28B-7F99-4A43-AE72-470D88C0D305}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield bad company 2\bfbc2updater.exe | 
"{641A11AE-8A3F-4DD5-9E1D-9014310863FE}" = protocol=6 | dir=in | app=c:\program files (x86)\delta force xtreme 2\update.exe | 
"{682F9874-A480-44B2-80CD-120BD7B03067}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{69B0CDCD-BEC9-4BFA-8218-12E8E2A58EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{7311A073-AE22-481A-89CE-5F673E334D20}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{776FCAAB-5747-436B-AC03-8DA76C7CE289}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{77C17C82-4584-40E0-9EBC-096B9906438F}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{909A507C-EDA1-4A83-A20D-3227519C52FC}" = protocol=6 | dir=in | app=c:\program files (x86)\call of juarez - bound in blood\cojbibgame_x86.exe | 
"{99CB4891-6457-4E7E-88D9-C70577347A43}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{9C7EB01D-4BB7-4587-A475-3D3D5FF9BC71}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A60192FE-7451-4D06-A51D-814D911DD63E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B3156050-4FC3-451E-8975-59D8DD09A158}" = protocol=17 | dir=in | app=c:\program files (x86)\delta force xtreme 2\dfx2.exe | 
"{BC79F866-AAF4-48C3-BC87-E0918A7DD2D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C3536E41-AE50-4F07-967E-2FC87E644583}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{C36E1B9F-985B-4CD8-8A1C-961BDA414974}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CDD6EA60-6BCD-437A-A745-5F6FEF5E2BB6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{D49D1720-713D-4FE4-A28A-9E1F659ADE52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D9CED760-773E-47E5-B345-20E9E3A61677}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E034FCAE-A08D-4698-B5B2-3072C694BDCA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E458A433-691B-4C80-811C-8B579807A14A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E9848A1B-381B-48A6-AF3B-727B5B5605CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE835710-6F7F-40D5-BA76-ECA33145A8D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5723870-1091-4E4C-9225-F66C29439594}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F6660647-CBC3-4BE2-868E-EDC06D9D7818}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F7FC7123-989A-4631-8C0F-25495B269D72}" = protocol=6 | dir=out | app=system | 
"{F96AFA2C-7DC0-49B2-AE24-98AF5AF9091B}" = protocol=17 | dir=in | app=c:\program files (x86)\call of juarez - bound in blood\cojbibgame_x86.exe | 
"{FCD9F0EC-5604-4466-979C-E4FE233931FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"TCP Query User{0CA623E4-692A-4EEB-9973-A588F5360929}C:\program files (x86)\steam\steamapps\maaatze\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\maaatze\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{100D6BC7-B91D-4A30-B4B5-1C097F9EF69A}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | 
"TCP Query User{20052818-B473-4D65-AD02-94DAC4299D0A}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{2CE50DED-B0B3-4E7C-92D9-DFA3764031E7}C:\users\matthias\downloads\cryptload_1.1.6\cryptload_1.1.6\routerclient.exe" = protocol=6 | dir=in | app=c:\users\matthias\downloads\cryptload_1.1.6\cryptload_1.1.6\routerclient.exe | 
"TCP Query User{406AC241-D829-4CD6-8845-AC253F93A459}C:\program files (x86)\vietcong\vietcong.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vietcong\vietcong.exe | 
"TCP Query User{4341E897-D2BA-40EE-9D9E-EAC5C8CECFE2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{449339B5-B80B-4856-BC94-19F21E527DD1}C:\program files (x86)\steam\steamapps\maaatze\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\maaatze\counter-strike source\hl2.exe | 
"TCP Query User{574D88E2-C340-4ACE-B815-3ED03924621E}C:\program files (x86)\ea games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{60D74AC2-047C-4908-89C0-B4C21D54A476}C:\program files (x86)\routercontrol\routercontrol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\routercontrol\routercontrol.exe | 
"TCP Query User{622432E8-B151-4F67-A468-73B68DACF245}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{8AEBAD08-44EF-4F89-B7B8-0BB3F2273349}C:\program files (x86)\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files (x86)\far cry\bin32\farcry.exe | 
"TCP Query User{A2018276-36BF-4E67-9B11-2075F384BE53}C:\program files (x86)\gta 1\gtawin\grand theft auto.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gta 1\gtawin\grand theft auto.exe | 
"TCP Query User{D613A188-4D8A-42F6-8846-3C54F47859E9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{DFC55674-B75D-4E09-90F1-0DDDBF7A8641}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{0591357E-4900-4B2C-957C-550F82499A26}C:\program files (x86)\ea games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{0CF5BD33-545F-4B93-8ED8-FD83F1EABB1B}C:\program files (x86)\steam\steamapps\maaatze\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\maaatze\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{2D20D7C0-6DC2-4F04-AC92-1C0DCAD09846}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{425107BF-BC3E-4F0B-BA1B-682E94559D40}C:\program files (x86)\routercontrol\routercontrol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\routercontrol\routercontrol.exe | 
"UDP Query User{4E2581B4-CE97-4C01-8EEF-1683C452EADF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{76179583-3C9E-4CD7-9BEF-DB878B5164AF}C:\program files (x86)\gta 1\gtawin\grand theft auto.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gta 1\gtawin\grand theft auto.exe | 
"UDP Query User{76E2BE5F-D3DB-4D4E-957B-1EA7ED1C5493}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{97177426-85D3-4911-9A0A-ADAC54F5756F}C:\program files (x86)\vietcong\vietcong.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vietcong\vietcong.exe | 
"UDP Query User{9963B919-7D39-4034-BA14-867B57BE9CAA}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{A4712828-F5A0-4DDC-8C12-FDA0790F6302}C:\program files (x86)\steam\steamapps\maaatze\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\maaatze\counter-strike source\hl2.exe | 
"UDP Query User{A6FE981E-46C1-43CA-BCB7-2C4980B7A96D}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | 
"UDP Query User{C7DC35E5-268D-40BA-8C82-18279ABEDF26}C:\users\matthias\downloads\cryptload_1.1.6\cryptload_1.1.6\routerclient.exe" = protocol=17 | dir=in | app=c:\users\matthias\downloads\cryptload_1.1.6\cryptload_1.1.6\routerclient.exe | 
"UDP Query User{C873F64D-771E-48FB-A611-3A0DFB9C3268}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{E89C72B1-3A8E-45B2-A5C6-E2AA07FE7B92}C:\program files (x86)\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files (x86)\far cry\bin32\farcry.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}" = LightScribe System Software
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{535A4F3D-06C3-446C-A2AA-DBB71EC192B8}" = LightScribe Applications
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.3.190b
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.9
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CDex" = CDex - Open Source Digital Audio CD Extractor
"C-Media USB2.0 Card Reader" = C-Media USB2.0 Card Reader
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDFab HD Decrypter 4_is1" = DVDFab HD Decrypter 4.0.1.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Grand Theft Auto" = Grand Theft Auto
"HijackThis" = HijackThis 2.0.2
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"IrfanView" = IrfanView (remove only)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Power DVD Rip Studio_is1" = Power DVD Rip Studio v1.1.7.51
"PROHYBRIDR" = 2007 Microsoft Office system
"RouterControl" = RouterControl 2.0
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.02.2011 05:36:36 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2011 14:49:03 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 21.02.2011 14:49:07 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 21.02.2011 14:49:09 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 21.02.2011 14:50:45 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 21.02.2011 14:50:46 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 22.02.2011 06:53:33 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.02.2011 06:11:27 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.02.2011 07:25:57 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.02.2011 11:49:17 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 22.03.2011 17:17:51 | Computer Name = Matthias-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 23.03.2011 10:40:04 | Computer Name = Matthias-PC | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen
 Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
 
Error - 23.03.2011 17:02:28 | Computer Name = Matthias-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 25.03.2011 09:55:54 | Computer Name = Matthias-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 26.03.2011 08:44:51 | Computer Name = Matthias-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 26.03.2011 09:24:17 | Computer Name = Matthias-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.03.2011 09:36:33 | Computer Name = Matthias-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 26.03.2011 09:36:34 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 26.03.2011 09:36:34 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.03.2011 14:56:18 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7031
Description = 
 
 
< End of report >
         
--- --- ---


und die otl.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.03.2011 20:05:35 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Matthias\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 659,10 Gb Free Space | 70,76% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.26 19:55:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
PRC - [2011.03.24 21:10:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.12.09 19:20:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.12.21 06:45:56 | 000,039,424 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009.08.05 13:08:08 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.09 12:57:23 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.05.19 12:49:00 | 003,449,344 | ---- | M] (Mirko Böer) -- C:\Program Files (x86)\RouterControl\RouterControl.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.03.12 12:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.03.12 12:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.26 19:55:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msshsq.dll
MOD - [2010.04.18 18:33:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010.01.24 22:05:53 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2008.01.21 03:51:11 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll
MOD - [2006.11.02 09:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.12.09 19:20:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.28 16:11:42 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.08.05 13:08:08 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.09 12:57:23 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.08 17:13:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2009.12.07 19:38:13 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.07.31 09:55:42 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2008.10.16 14:08:08 | 000,183,296 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007.06.13 08:55:56 | 001,272,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2007.01.15 15:13:18 | 000,160,256 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\cmiucr_x64.SYS -- (CMIUCR)
DRV:64bit: - [2006.09.18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.bearshare.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 21:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.26 14:37:52 | 000,000,000 | ---D | M]
 
[2009.05.12 14:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2011.03.26 14:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions
[2010.10.24 20:45:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.12 19:31:48 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010.07.26 18:00:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.07.13 17:47:07 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions\moveplayer@movenetworks.com
[2010.04.12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\qz1zjgjf.default\searchplugins\BearShareWebSearch.xml
[2009.10.06 17:10:14 | 000,000,876 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\qz1zjgjf.default\searchplugins\conduit.xml
[2011.03.24 19:30:25 | 000,000,944 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\qz1zjgjf.default\searchplugins\icqplugin.xml
[2011.03.26 15:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.07 21:21:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.03.23 22:19:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2010.03.23 22:19:46 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.23 22:19:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.23 22:19:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.23 22:19:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O4:64bit: - HKLM..\Run: [Cmiboot] C:\Windows\cmiboot.exe ()
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files (x86)\Corel VideoStudio 12\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [RouterControl] C:\PROGRA~2\ROUTER~1\ROUTERCONTROL.EXE (Mirko Böer)
O4 - HKCU..\Run: [settdebugx.exe]  File not found
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O4 - Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.97 217.0.43.113
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 07:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{5494ab9a-e12c-11df-a596-001fd098b615}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\copy.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.26 20:02:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.26 20:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.03.26 20:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.03.26 19:55:04 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Matthias\Desktop\Erunt-setup.exe
[2011.03.26 19:55:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2011.03.26 19:55:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\TFC.exe
[2011.03.26 18:09:56 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\Trust Spacec@m 350 Portable 10_12_2001
[2011.03.26 14:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.03.26 14:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.03.26 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\My Received Files
[2011.03.26 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\BearShare
[2011.03.26 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\BearShare
[2011.03.26 14:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BearShare Applications
[2011.03.26 14:15:34 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\PackageAware
[2011.03.07 21:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.07 21:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.03.04 08:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.02.24 21:58:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011.02.24 21:58:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2009.07.31 09:55:42 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Matthias\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.26 20:02:19 | 000,000,943 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.26 20:02:15 | 000,000,763 | ---- | M] () -- C:\Users\Matthias\Desktop\NTREGOPT.lnk
[2011.03.26 20:02:15 | 000,000,744 | ---- | M] () -- C:\Users\Matthias\Desktop\ERUNT.lnk
[2011.03.26 19:58:50 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.26 19:58:50 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.26 19:58:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.26 19:56:10 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Matthias\Desktop\Erunt-setup.exe
[2011.03.26 19:55:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2011.03.26 19:55:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\TFC.exe
[2011.03.26 16:27:42 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.03.26 16:27:42 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.26 16:26:39 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.03.26 14:37:52 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.21 19:16:21 | 000,105,607 | ---- | M] () -- C:\Users\Matthias\Desktop\199584_10150454869905537_867485536_17597857_2658710_n.jpg
[2011.03.21 19:16:06 | 000,064,524 | ---- | M] () -- C:\Users\Matthias\Desktop\bulldog.jpg
[2011.03.17 21:02:18 | 000,081,408 | ---- | M] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.13 12:40:23 | 000,005,701 | ---- | M] () -- C:\Users\Matthias\Desktop\Anleitung.html
 
========== Files Created - No Company Name ==========
 
[2011.03.26 20:02:19 | 000,000,943 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.26 20:02:15 | 000,000,763 | ---- | C] () -- C:\Users\Matthias\Desktop\NTREGOPT.lnk
[2011.03.26 20:02:15 | 000,000,744 | ---- | C] () -- C:\Users\Matthias\Desktop\ERUNT.lnk
[2011.03.26 14:36:49 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.03.26 14:36:49 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.21 19:16:20 | 000,105,607 | ---- | C] () -- C:\Users\Matthias\Desktop\199584_10150454869905537_867485536_17597857_2658710_n.jpg
[2011.03.21 19:16:05 | 000,064,524 | ---- | C] () -- C:\Users\Matthias\Desktop\bulldog.jpg
[2011.03.13 12:41:14 | 000,005,701 | ---- | C] () -- C:\Users\Matthias\Desktop\Anleitung.html
[2011.02.24 21:55:35 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011.02.24 21:55:35 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2011.02.24 21:55:35 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011.02.24 21:55:35 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2011.02.24 21:55:35 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011.02.24 21:55:35 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010.12.10 17:13:02 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.11.20 13:45:15 | 000,007,420 | ---- | C] () -- C:\Windows\UA000106.DLL
[2010.11.20 13:44:16 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010.11.20 13:44:16 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010.11.20 13:44:16 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010.11.20 13:44:16 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010.11.20 13:44:16 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010.11.20 13:44:16 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010.05.26 21:57:04 | 000,000,012 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\vqdlkr.dat
[2010.05.26 21:57:02 | 000,000,004 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\avdrn.dat
[2010.01.10 20:04:55 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009.09.24 16:55:43 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.24 16:55:12 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.09.24 16:54:54 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.31 09:56:23 | 000,001,044 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\vso_ts_preview.xml
[2009.07.31 09:55:42 | 000,099,384 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\inst.exe
[2009.07.31 09:55:42 | 000,007,859 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\pcouffin.cat
[2009.07.31 09:55:42 | 000,001,167 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\pcouffin.inf
[2009.07.17 11:17:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.07.01 11:52:48 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2009.05.29 15:09:47 | 000,000,415 | ---- | C] () -- C:\Windows\COVERE~1.INI
[2009.05.29 13:47:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.29 12:36:06 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.05.24 17:07:45 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2009.05.15 19:39:13 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.05.15 19:27:59 | 000,266,400 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009.05.15 19:27:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.05.13 16:28:25 | 000,001,460 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps64.dat
[2009.05.13 16:16:39 | 000,081,408 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.12 15:17:42 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.05.08 17:24:07 | 001,457,008 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.05.08 17:14:24 | 000,464,384 | ---- | C] () -- C:\Windows\CmiUCRUninstall_x64.exe
[2009.05.08 17:14:24 | 000,311,296 | ---- | C] () -- C:\Windows\CmiUCRUninstall.exe
[2009.05.08 17:14:24 | 000,000,112 | ---- | C] () -- C:\Windows\CMICARDREADER.INI
[2009.05.08 17:14:22 | 000,480,256 | ---- | C] () -- C:\Windows\CmUCREye_x64.exe
[2009.05.08 17:14:21 | 000,065,536 | ---- | C] () -- C:\Windows\cmiboot.exe
[2009.05.08 17:10:08 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2009.05.08 17:09:33 | 000,105,472 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.dll
[2009.05.08 17:09:33 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.dll
[2009.01.22 21:57:48 | 000,001,669 | ---- | C] () -- C:\Windows\P17EP.ini
[2009.01.22 21:57:48 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2009.01.22 21:57:47 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002.07.05 15:12:06 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\authdvd.dll
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000107.DLL
 
========== LOP Check ==========
 
[2009.05.14 19:12:26 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ashampoo
[2009.05.13 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Canneverbe_Limited
[2010.07.26 18:00:20 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.17 17:30:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2009.06.26 17:26:49 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2010.06.30 19:53:26 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\kikin
[2010.11.22 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ulead Systems
[2010.06.30 20:00:47 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Vso
[2011.03.26 19:57:17 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.05.12 14:40:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.12.17 22:03:26 | 000,000,000 | ---D | M] -- C:\1f9699514da1f8c0ffaddd793eab79d4
[2011.01.13 22:37:29 | 000,000,000 | ---D | M] -- C:\8247d2f605c7668ba6e78c
[2009.10.06 16:26:08 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.05.29 15:18:56 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp
[2011.03.26 19:58:42 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.05.12 14:36:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.24 02:43:29 | 000,000,000 | ---D | M] -- C:\Download
[2009.05.08 16:53:37 | 000,000,000 | ---D | M] -- C:\Intel
[2009.05.08 17:18:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.05.13 16:31:01 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.02.21 19:50:32 | 000,000,000 | R--D | M] -- C:\Programme
[2011.03.26 20:02:15 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.03.26 19:58:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.05.12 14:36:15 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.03.26 20:07:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.11.12 19:31:49 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.26 20:02:47 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Files - Unicode (All) ==========
[2009.05.29 15:10:20 | 000,000,000 | ---D | M](C:\Users\Matthias\AppData\Roaming\???????sAppData) -- C:\Users\Matthias\AppData\Roaming\敎潲䍄敔灭慬整sAppData
[2009.05.29 15:10:20 | 000,000,000 | ---D | M](C:\Users\Matthias\AppData\Roaming\???????sAppData) -- C:\Users\Matthias\AppData\Roaming\敎潲䍄敔灭慬整sAppData
(C:\Users\Matthias\AppData\Roaming\???????sAppData) -- C:\Users\Matthias\AppData\Roaming\敎潲䍄敔灭慬整sAppData
 
< End of report >
         
--- --- ---


Vielen Dank im Voraus...was kann ich sonst noch tun ?
LG

lg & danke im voraus

doppelpost, sorry, etwas hektisch heute..

Alt 28.03.2011, 11:09   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java/Runner.1458 - HJT logfileauswertung - Standard

Java/Runner.1458 - HJT logfileauswertung



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 28.03.2011, 18:50   #3
ricricric
 
Java/Runner.1458 - HJT logfileauswertung - Standard

Java/Runner.1458 - HJT logfileauswertung



Danke erstmal, hab jetzt Malwarebytes durchlaufen lassen (vollständiger Scan):

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6198

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.03.2011 19:49:49
mbam-log-2011-03-28 (19-49-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 333859
Laufzeit: 54 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe (Trojan.FakeAlert) -> Value: settdebugx.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\xxxx\ (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Matthias\downloads\xxxxxx\(Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Matthias\downloads\xxxxxx\(Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Matthias\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\programdata\sysreserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
         
__________________

Alt 29.03.2011, 13:00   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java/Runner.1458 - HJT logfileauswertung - Standard

Java/Runner.1458 - HJT logfileauswertung



Zitat:
c:\program files (x86)\xxxx\ (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Matthias\downloads\xxxxxx\(Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Matthias\downloads\xxxxxx\(Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
Ist es das was ich denke was du da da zensiert hast?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.03.2011, 18:56   #5
ricricric
 
Java/Runner.1458 - HJT logfileauswertung - Standard

Java/Runner.1458 - HJT logfileauswertung



Ist die Vorlage für mein Berichtsheft aus der Ausbildung, vom Schulungspc gezogen. Da schlug schon Avira Alarm, als ich das auf meine HDD kopieren wollte, was ich dann dennoch tat. Schulungspc hat keinen Virusschutz...


Alt 29.03.2011, 19:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java/Runner.1458 - HJT logfileauswertung - Standard

Java/Runner.1458 - HJT logfileauswertung



Was für Vorlagen sind das? Dateityp?
__________________
--> Java/Runner.1458 - HJT logfileauswertung

Alt 29.03.2011, 19:30   #7
ricricric
 
Java/Runner.1458 - HJT logfileauswertung - Standard

Java/Runner.1458 - HJT logfileauswertung



IHK-Vorlagen für ein Berichtsheft, das man während der Ausbildung für. Zensiert deswegen, weil der Dateiname meinen Vor- und Zunamen enthielt. Dateityp war .doc oder .docx.

LG

Alt 29.03.2011, 19:43   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java/Runner.1458 - HJT logfileauswertung - Standard

Java/Runner.1458 - HJT logfileauswertung



Wenn die direkt von der IHK kommen, kann ich mir nur schwer vorstellen, dass die wirklich bösartig/virulent sind und eher von einem Fehlalarm ausgehen.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 07:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{5494ab9a-e12c-11df-a596-001fd098b615}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\copy.exe
O4 - HKCU..\Run: [settdebugx.exe]  File not found
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.04.2011, 19:39   #9
ricricric
 
Java/Runner.1458 - HJT logfileauswertung - Standard

Java/Runner.1458 - HJT logfileauswertung



Hallo,

sorry erstmal für die sehr späte Rückmeldung. Die Prüfung ist jetzt zum Glück rum, und ich habe wieder einen Kopf für andere Dinge wie z.B. meinen PC

Habe den OTL FIX gemacht, das Ergebnis:

Zitat:
esses killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File not found.
File move failed. D:\Autorun.ico scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3031059e-3ef8-11de-9061-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3031059e-3ef8-11de-9061-806e6f6e6963}\ not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5494ab9a-e12c-11df-a596-001fd098b615}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5494ab9a-e12c-11df-a596-001fd098b615}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\copy.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\settdebugx.exe not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matthias
->Temp folder emptied: 20255555 bytes
->Temporary Internet Files folder emptied: 42940523 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 57296557 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5571 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 761664 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 116,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04202011_203352

Files\Folders moved on Reboot...
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.ico scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Vielen Dank schonmal für die Hilfe.

Zudem habe ich meistens nach dem Reboot das Gefühl, mein Rechner würde irgendetwas arbeiten, ist ordentlich am rumrattern. Malware ?
Eben hat er das für ca. ne Stunde gemacht, bis ich den durch OTL geforderten Reboot gemacht habe, gerade ist es nicht mehr zu vernehmen.

LG

Alt 21.04.2011, 14:36   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java/Runner.1458 - HJT logfileauswertung - Standard

Java/Runner.1458 - HJT logfileauswertung



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.05.2011, 11:47   #11
ricricric
 
Java/Runner.1458 - HJT logfileauswertung - Standard

Java/Runner.1458 - HJT logfileauswertung



Hallo, danke erstmal.
habe den tdss killer ausgeführt, keine funde

Zitat:
2011/05/10 12:43:54.0947 0608 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 12:43:56.0647 0608 ================================================================================
2011/05/10 12:43:56.0647 0608 SystemInfo:
2011/05/10 12:43:56.0647 0608
2011/05/10 12:43:56.0647 0608 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/10 12:43:56.0647 0608 Product type: Workstation
2011/05/10 12:43:56.0647 0608 ComputerName: MATTHIAS-PC
2011/05/10 12:43:56.0663 0608 UserName: Matthias
2011/05/10 12:43:56.0663 0608 Windows directory: C:\Windows
2011/05/10 12:43:56.0663 0608 System windows directory: C:\Windows
2011/05/10 12:43:56.0663 0608 Running under WOW64
2011/05/10 12:43:56.0663 0608 Processor architecture: Intel x64
2011/05/10 12:43:56.0663 0608 Number of processors: 4
2011/05/10 12:43:56.0663 0608 Page size: 0x1000
2011/05/10 12:43:56.0663 0608 Boot type: Normal boot
2011/05/10 12:43:56.0663 0608 ================================================================================
2011/05/10 12:43:56.0881 0608 Initialize success
2011/05/10 12:44:00.0766 4180 ================================================================================
2011/05/10 12:44:00.0766 4180 Scan started
2011/05/10 12:44:00.0766 4180 Mode: Manual;
2011/05/10 12:44:00.0766 4180 ================================================================================
2011/05/10 12:44:02.0232 4180 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/05/10 12:44:02.0295 4180 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/05/10 12:44:02.0326 4180 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/05/10 12:44:02.0373 4180 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/05/10 12:44:02.0419 4180 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/05/10 12:44:02.0513 4180 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2011/05/10 12:44:02.0575 4180 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/05/10 12:44:02.0591 4180 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/05/10 12:44:02.0622 4180 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/05/10 12:44:02.0653 4180 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/05/10 12:44:02.0700 4180 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/05/10 12:44:02.0763 4180 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/05/10 12:44:02.0794 4180 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/05/10 12:44:02.0841 4180 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/10 12:44:02.0872 4180 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/05/10 12:44:02.0934 4180 avgntflt (c30b5fc0adcdfba7668e99baf0cbf58e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/10 12:44:02.0981 4180 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/05/10 12:44:03.0028 4180 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/10 12:44:03.0059 4180 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/10 12:44:03.0090 4180 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/05/10 12:44:03.0121 4180 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/05/10 12:44:03.0137 4180 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/05/10 12:44:03.0168 4180 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/10 12:44:03.0199 4180 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/05/10 12:44:03.0231 4180 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/05/10 12:44:03.0262 4180 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/10 12:44:03.0309 4180 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/10 12:44:03.0355 4180 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/05/10 12:44:03.0402 4180 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/05/10 12:44:03.0449 4180 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/05/10 12:44:03.0480 4180 CMIUCR (2c32e2aa8dee735b5af2967c31bf5785) C:\Windows\system32\DRIVERS\cmiucr_x64.SYS
2011/05/10 12:44:03.0511 4180 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
2011/05/10 12:44:03.0543 4180 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/10 12:44:03.0605 4180 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2011/05/10 12:44:03.0667 4180 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/05/10 12:44:03.0730 4180 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/05/10 12:44:03.0792 4180 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/10 12:44:03.0823 4180 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/05/10 12:44:03.0886 4180 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/05/10 12:44:03.0995 4180 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/05/10 12:44:04.0042 4180 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/05/10 12:44:04.0089 4180 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/05/10 12:44:04.0120 4180 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/05/10 12:44:04.0167 4180 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/10 12:44:04.0557 4180 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/05/10 12:44:04.0650 4180 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/05/10 12:44:04.0681 4180 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/10 12:44:04.0728 4180 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/05/10 12:44:04.0759 4180 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/10 12:44:04.0775 4180 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/10 12:44:04.0806 4180 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
2011/05/10 12:44:04.0884 4180 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/10 12:44:04.0931 4180 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/05/10 12:44:04.0978 4180 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/05/10 12:44:05.0025 4180 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/10 12:44:05.0071 4180 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/05/10 12:44:05.0118 4180 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/05/10 12:44:05.0165 4180 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/05/10 12:44:05.0212 4180 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/10 12:44:05.0259 4180 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/05/10 12:44:05.0305 4180 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/05/10 12:44:05.0352 4180 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/05/10 12:44:05.0383 4180 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/10 12:44:05.0415 4180 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/10 12:44:05.0493 4180 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/10 12:44:05.0524 4180 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/10 12:44:05.0555 4180 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/05/10 12:44:05.0586 4180 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/05/10 12:44:05.0602 4180 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/10 12:44:05.0633 4180 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/05/10 12:44:05.0680 4180 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/05/10 12:44:05.0711 4180 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/10 12:44:05.0742 4180 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/10 12:44:05.0820 4180 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/10 12:44:05.0836 4180 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/05/10 12:44:05.0883 4180 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/10 12:44:05.0929 4180 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/10 12:44:05.0961 4180 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/10 12:44:05.0976 4180 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/10 12:44:06.0023 4180 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/05/10 12:44:06.0054 4180 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/05/10 12:44:06.0101 4180 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/05/10 12:44:06.0163 4180 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/05/10 12:44:06.0195 4180 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/10 12:44:06.0226 4180 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/10 12:44:06.0241 4180 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/10 12:44:06.0257 4180 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/05/10 12:44:06.0288 4180 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/05/10 12:44:06.0304 4180 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/10 12:44:06.0351 4180 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/10 12:44:06.0413 4180 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/10 12:44:06.0475 4180 mrxsmb (dc434b4769e18da09ce1b7755d4c64e9) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/10 12:44:06.0507 4180 mrxsmb10 (64713fcfe3de8881d62f8f3f2f794241) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/10 12:44:06.0538 4180 mrxsmb20 (0005c599a2abf767a815afcd32e523e3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/10 12:44:06.0585 4180 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
2011/05/10 12:44:06.0616 4180 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/05/10 12:44:06.0663 4180 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/05/10 12:44:06.0678 4180 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/05/10 12:44:06.0694 4180 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/10 12:44:06.0725 4180 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/10 12:44:06.0756 4180 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/05/10 12:44:06.0850 4180 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/05/10 12:44:06.0865 4180 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/10 12:44:06.0897 4180 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/05/10 12:44:06.0912 4180 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/05/10 12:44:06.0943 4180 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/10 12:44:07.0053 4180 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/05/10 12:44:07.0068 4180 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/10 12:44:07.0099 4180 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/10 12:44:07.0115 4180 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/10 12:44:07.0146 4180 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/05/10 12:44:07.0162 4180 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/10 12:44:07.0177 4180 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/10 12:44:07.0224 4180 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/05/10 12:44:07.0271 4180 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/05/10 12:44:07.0287 4180 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/10 12:44:07.0365 4180 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/05/10 12:44:07.0427 4180 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/05/10 12:44:07.0583 4180 nvlddmkm (920d4925cd55c988723a0c88b9897cce) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/10 12:44:07.0661 4180 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/05/10 12:44:07.0692 4180 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/05/10 12:44:07.0739 4180 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/05/10 12:44:07.0833 4180 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
2011/05/10 12:44:07.0911 4180 P17 (992ca66d3bb2cfd73558739c0ed6691b) C:\Windows\system32\drivers\P17.sys
2011/05/10 12:44:07.0957 4180 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/05/10 12:44:08.0020 4180 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/05/10 12:44:08.0051 4180 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/05/10 12:44:08.0113 4180 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2011/05/10 12:44:08.0145 4180 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/05/10 12:44:08.0191 4180 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/05/10 12:44:08.0223 4180 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/05/10 12:44:08.0285 4180 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/10 12:44:08.0316 4180 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/05/10 12:44:08.0363 4180 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/10 12:44:08.0410 4180 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/05/10 12:44:08.0441 4180 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/05/10 12:44:08.0488 4180 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/10 12:44:08.0503 4180 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/10 12:44:08.0535 4180 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/10 12:44:08.0597 4180 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/10 12:44:08.0613 4180 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/10 12:44:08.0675 4180 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/10 12:44:08.0691 4180 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/10 12:44:08.0737 4180 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/05/10 12:44:08.0753 4180 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/10 12:44:08.0784 4180 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/05/10 12:44:08.0847 4180 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/10 12:44:08.0878 4180 RTL8169 (0125008d264678a664d9864767984a53) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/05/10 12:44:08.0909 4180 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/05/10 12:44:08.0956 4180 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/10 12:44:08.0987 4180 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/05/10 12:44:09.0018 4180 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/05/10 12:44:09.0065 4180 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/05/10 12:44:09.0096 4180 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/05/10 12:44:09.0127 4180 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/10 12:44:09.0143 4180 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/10 12:44:09.0174 4180 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/05/10 12:44:09.0205 4180 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/05/10 12:44:09.0221 4180 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/05/10 12:44:09.0283 4180 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/05/10 12:44:09.0315 4180 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/05/10 12:44:09.0408 4180 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/05/10 12:44:09.0471 4180 srv2 (fa36d119249bf27bc4c0079734e1f33b) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/10 12:44:09.0486 4180 srvnet (cfe7bc92d52c7e79427545909a0182f8) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/10 12:44:09.0533 4180 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/10 12:44:09.0564 4180 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/05/10 12:44:09.0595 4180 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/05/10 12:44:09.0627 4180 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/05/10 12:44:09.0798 4180 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/05/10 12:44:09.0845 4180 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/10 12:44:09.0907 4180 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/10 12:44:09.0939 4180 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/05/10 12:44:09.0954 4180 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/05/10 12:44:10.0017 4180 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/10 12:44:10.0048 4180 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/10 12:44:10.0110 4180 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/10 12:44:10.0126 4180 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/10 12:44:10.0204 4180 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/10 12:44:10.0235 4180 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/05/10 12:44:10.0282 4180 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/10 12:44:10.0329 4180 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/10 12:44:10.0360 4180 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/05/10 12:44:10.0438 4180 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/05/10 12:44:10.0485 4180 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/05/10 12:44:10.0516 4180 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/10 12:44:10.0563 4180 usbccgp (66627c6008319def7909f21fb75a8991) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/10 12:44:10.0594 4180 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/05/10 12:44:10.0625 4180 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/10 12:44:10.0672 4180 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/10 12:44:10.0703 4180 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/05/10 12:44:10.0719 4180 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2011/05/10 12:44:10.0750 4180 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/10 12:44:10.0765 4180 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/10 12:44:10.0812 4180 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/10 12:44:10.0843 4180 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/05/10 12:44:10.0859 4180 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/05/10 12:44:10.0875 4180 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/05/10 12:44:10.0937 4180 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/05/10 12:44:10.0999 4180 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/05/10 12:44:11.0046 4180 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/05/10 12:44:11.0093 4180 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/05/10 12:44:11.0124 4180 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 12:44:11.0124 4180 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 12:44:11.0171 4180 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/05/10 12:44:11.0202 4180 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/10 12:44:11.0280 4180 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/10 12:44:11.0343 4180 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/10 12:44:11.0421 4180 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/10 12:44:11.0499 4180 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/10 12:44:11.0545 4180 ================================================================================
2011/05/10 12:44:11.0545 4180 Scan finished
2011/05/10 12:44:11.0545 4180 ================================================================================

Alt 10.05.2011, 11:55   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java/Runner.1458 - HJT logfileauswertung - Standard

Java/Runner.1458 - HJT logfileauswertung



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Java/Runner.1458 - HJT logfileauswertung
64-bit, ?????, adobe, antivir, antivir guard, avg, avgntflt.sys, avira, bho, browser, c:\windows\system32\rundll32.exe, call of duty, converter, counter-strike source, decrypter, desktop, eraser, file, google, icq, install.exe, location, lsass.exe, messenger, microsoft, microsoft office 2003, microsoft office word, mp3, neu, nmbgmonitor.exe, nvidia, office 2007, oldtimer, programdata, richtlinie, rundll, rundll32, saver, schattenkopien, searchplugins, security, security update, shell32.dll, shortcut, skype.exe, start menu, syswow64, temp, windows, wmp



Ähnliche Themen: Java/Runner.1458 - HJT logfileauswertung


  1. Java-Virus (JAVA/Lamar.RI ; JAVA/Jogek.WK usw.)
    Log-Analyse und Auswertung - 18.06.2013 (12)
  2. Nach Verschlüsselungstrojaner viele Virenfunde (JAVA/Jogek.CT; rus JAVA/Agent.MH; JAVA/Dldr.Pesur.BH; W32/Idele.2219; VBS/Fluenza.B; u.a...
    Log-Analyse und Auswertung - 28.01.2013 (1)
  3. JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb und noch mehr
    Plagegeister aller Art und deren Bekämpfung - 30.11.2012 (22)
  4. Java-Virus JAVA/Dldr.Dermit.C, JAVA/Dldr.Kara.AB.1, JAVA/Dldr.Karame.AI
    Plagegeister aller Art und deren Bekämpfung - 06.11.2012 (1)
  5. Logfileauswertung mit OTL
    Log-Analyse und Auswertung - 26.09.2012 (2)
  6. Internet langsam (Java-Virus JAVA/ClassLoader.AV und Java-Virus JAVA/Exdoer.O)
    Log-Analyse und Auswertung - 01.03.2012 (1)
  7. Logfileauswertung
    Mülltonne - 11.10.2009 (1)
  8. TR/DROPPER.GEN, TR/RUNNER.QC.2, TR/PCK.KRAP.29 und WIN32.DELF.UV
    Log-Analyse und Auswertung - 02.10.2009 (1)
  9. TR/Runner.DM, c:\windows\system32\gwnsbgu.exe
    Plagegeister aller Art und deren Bekämpfung - 04.07.2009 (9)
  10. tr/runner.dk u.a. Trojanaer wie bekomme ich mein Systhem wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 04.06.2009 (7)
  11. seit Wochen tr/runner auf meinem System
    Log-Analyse und Auswertung - 16.05.2009 (3)
  12. Hijack this und Silent Runner Post pc sauber ?
    Mülltonne - 03.10.2008 (2)
  13. Silent Runner
    Log-Analyse und Auswertung - 09.03.2008 (3)
  14. Logfileauswertung
    Mülltonne - 03.06.2007 (1)
  15. Logfileauswertung
    Log-Analyse und Auswertung - 26.03.2006 (1)
  16. Logfileauswertung
    Log-Analyse und Auswertung - 18.08.2005 (2)
  17. Logfileauswertung
    Log-Analyse und Auswertung - 18.08.2005 (1)

Zum Thema Java/Runner.1458 - HJT logfileauswertung - Hallo, bin neu hier, durch google auf euch aufmerksam geworden. habe durch antivir die meldung bekommen, dass java/runner.1458 gefunden wurde... habe mir nun hjt runtergeladenen und durchlaufen lassen.. kann mir - Java/Runner.1458 - HJT logfileauswertung...
Archiv
Du betrachtest: Java/Runner.1458 - HJT logfileauswertung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.