ricricric | 26.03.2011 19:44 | Java/Runner.1458 - HJT logfileauswertung Hallo, bin neu hier, durch google auf euch aufmerksam geworden.
habe durch antivir die meldung bekommen, dass java/runner.1458 gefunden wurde...
habe mir nun hjt runtergeladenen und durchlaufen lassen..
kann mir bitte jemand helfen bezügl. der logauswertung, und was ich sonst noch tun kann ?
EDIT: Hatte die Forenregeln nicht aufmerksam genug durchgelesen, habe jetzt erfahren, dass man keine hjt-logs posten soll, okay..werde jetzt weiterlesen und dann die ergebnisse der anderen progs posten..
Habe nun etrun otl tfc etc laufen lassen, hier
die extras.txt
OTL Logfile: Code:
OTL Extras logfile created on: 26.03.2011 20:05:35 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Matthias\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 659,10 Gb Free Space | 70,76% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BF E0 69 5C 99 46 CA 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11D203CB-C317-48CF-9223-2A0B13BC9D98}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F23AA1F-5D90-4575-B094-35165278D8C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34712D5C-1EDF-404B-84C2-E7CA32EC284F}" = rport=139 | protocol=6 | dir=out | app=system |
"{37DF2716-F059-43FD-8207-7327FC782B85}" = rport=138 | protocol=17 | dir=out | app=system |
"{434280A6-1720-4B8B-8D73-FA6E0B455043}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B662221-736E-469F-8629-5320420A9AC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57B0B379-52EB-4718-8DCD-A5E33C181D5E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5D492C94-2FD8-4E81-A035-43C56BE701ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B80B710-F363-4BEF-98CA-B05C7F158F89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFCAC2C0-4757-412E-9862-6BE92BCB0B25}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B3F86A8A-CA19-4B53-A1A5-92B7ECA13530}" = rport=445 | protocol=6 | dir=out | app=system |
"{C1A1ACD1-C9F6-4B14-944A-8466D23BCDBF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C33637AD-281C-4766-9A9F-7649D3C72942}" = lport=139 | protocol=6 | dir=in | app=system |
"{D635EF05-1CBA-46A5-95FD-D0A81F9551C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DD1C3FC9-21EE-4E06-A5BE-86D0DDCBCD22}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E74EDDBA-2D6B-4171-952C-7767B5E40AE9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E9701BC8-EFBA-4270-82C0-69A5DC487310}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF75AEF2-408B-4ACF-BE4B-98A67486136A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1B56667-A9F8-41F7-B3DB-8C88E2F193C4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F32CAF4E-2906-4B0B-8B76-E8BB3CF85FB4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F589AFE0-ED0C-487A-87E4-5F416F7F645F}" = lport=445 | protocol=6 | dir=in | app=system |
"{F6B585FC-6714-4461-8765-51F89936EA52}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D6F543-EC3E-463F-BCB2-3252AC4D6062}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{0C922C4B-96C2-4B85-A039-4C557EA5042A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EED238A-08CA-4374-A77A-67BB4DCD6E72}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1B0836CC-97DB-457C-8ED1-2855FC106F6F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1B600E41-6D95-4A5E-9F54-3CD5959AA62E}" = protocol=17 | dir=in | app=c:\program files (x86)\delta force xtreme 2\update.exe |
"{1B8F49B2-76F2-41C3-AE6A-D23963DA7123}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1C80E224-27FD-4DA8-B4C4-38175ED85D02}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{1DFEC4E3-A25F-43BA-B85E-3338E2AA4D53}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{24AE2CA0-3323-4A09-A52E-00542C71A620}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{29C9FD04-8D2B-4D0A-BCB2-1B1706D2EF0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B3752C9-F6FF-4A2C-9D71-45F3793B792B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{39A671E1-46BE-4BC3-8476-4A3305E9D172}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3D73966A-EE7C-4015-A069-4963975049C4}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield bad company 2\bfbc2updater.exe |
"{46BA0B7B-4194-43A5-AFCA-96DBBA6DE87C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4F133EB1-6D0D-4031-8394-FCA0406F10E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{58410F7A-EF7C-4669-8E0F-D2AE9AE3E877}" = protocol=6 | dir=in | app=c:\program files (x86)\delta force xtreme 2\dfx2.exe |
"{5D6647F2-9C6F-4FDB-ACB7-305A23C219BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6100D28B-7F99-4A43-AE72-470D88C0D305}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield bad company 2\bfbc2updater.exe |
"{641A11AE-8A3F-4DD5-9E1D-9014310863FE}" = protocol=6 | dir=in | app=c:\program files (x86)\delta force xtreme 2\update.exe |
"{682F9874-A480-44B2-80CD-120BD7B03067}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{69B0CDCD-BEC9-4BFA-8218-12E8E2A58EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7311A073-AE22-481A-89CE-5F673E334D20}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{776FCAAB-5747-436B-AC03-8DA76C7CE289}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{77C17C82-4584-40E0-9EBC-096B9906438F}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{909A507C-EDA1-4A83-A20D-3227519C52FC}" = protocol=6 | dir=in | app=c:\program files (x86)\call of juarez - bound in blood\cojbibgame_x86.exe |
"{99CB4891-6457-4E7E-88D9-C70577347A43}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9C7EB01D-4BB7-4587-A475-3D3D5FF9BC71}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A60192FE-7451-4D06-A51D-814D911DD63E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B3156050-4FC3-451E-8975-59D8DD09A158}" = protocol=17 | dir=in | app=c:\program files (x86)\delta force xtreme 2\dfx2.exe |
"{BC79F866-AAF4-48C3-BC87-E0918A7DD2D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C3536E41-AE50-4F07-967E-2FC87E644583}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{C36E1B9F-985B-4CD8-8A1C-961BDA414974}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDD6EA60-6BCD-437A-A745-5F6FEF5E2BB6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{D49D1720-713D-4FE4-A28A-9E1F659ADE52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9CED760-773E-47E5-B345-20E9E3A61677}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E034FCAE-A08D-4698-B5B2-3072C694BDCA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E458A433-691B-4C80-811C-8B579807A14A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9848A1B-381B-48A6-AF3B-727B5B5605CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE835710-6F7F-40D5-BA76-ECA33145A8D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5723870-1091-4E4C-9225-F66C29439594}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F6660647-CBC3-4BE2-868E-EDC06D9D7818}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F7FC7123-989A-4631-8C0F-25495B269D72}" = protocol=6 | dir=out | app=system |
"{F96AFA2C-7DC0-49B2-AE24-98AF5AF9091B}" = protocol=17 | dir=in | app=c:\program files (x86)\call of juarez - bound in blood\cojbibgame_x86.exe |
"{FCD9F0EC-5604-4466-979C-E4FE233931FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{0CA623E4-692A-4EEB-9973-A588F5360929}C:\program files (x86)\steam\steamapps\maaatze\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\maaatze\half-life 2 deathmatch\hl2.exe |
"TCP Query User{100D6BC7-B91D-4A30-B4B5-1C097F9EF69A}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{20052818-B473-4D65-AD02-94DAC4299D0A}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{2CE50DED-B0B3-4E7C-92D9-DFA3764031E7}C:\users\matthias\downloads\cryptload_1.1.6\cryptload_1.1.6\routerclient.exe" = protocol=6 | dir=in | app=c:\users\matthias\downloads\cryptload_1.1.6\cryptload_1.1.6\routerclient.exe |
"TCP Query User{406AC241-D829-4CD6-8845-AC253F93A459}C:\program files (x86)\vietcong\vietcong.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vietcong\vietcong.exe |
"TCP Query User{4341E897-D2BA-40EE-9D9E-EAC5C8CECFE2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{449339B5-B80B-4856-BC94-19F21E527DD1}C:\program files (x86)\steam\steamapps\maaatze\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\maaatze\counter-strike source\hl2.exe |
"TCP Query User{574D88E2-C340-4ACE-B815-3ED03924621E}C:\program files (x86)\ea games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{60D74AC2-047C-4908-89C0-B4C21D54A476}C:\program files (x86)\routercontrol\routercontrol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\routercontrol\routercontrol.exe |
"TCP Query User{622432E8-B151-4F67-A468-73B68DACF245}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{8AEBAD08-44EF-4F89-B7B8-0BB3F2273349}C:\program files (x86)\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files (x86)\far cry\bin32\farcry.exe |
"TCP Query User{A2018276-36BF-4E67-9B11-2075F384BE53}C:\program files (x86)\gta 1\gtawin\grand theft auto.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gta 1\gtawin\grand theft auto.exe |
"TCP Query User{D613A188-4D8A-42F6-8846-3C54F47859E9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{DFC55674-B75D-4E09-90F1-0DDDBF7A8641}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{0591357E-4900-4B2C-957C-550F82499A26}C:\program files (x86)\ea games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{0CF5BD33-545F-4B93-8ED8-FD83F1EABB1B}C:\program files (x86)\steam\steamapps\maaatze\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\maaatze\half-life 2 deathmatch\hl2.exe |
"UDP Query User{2D20D7C0-6DC2-4F04-AC92-1C0DCAD09846}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{425107BF-BC3E-4F0B-BA1B-682E94559D40}C:\program files (x86)\routercontrol\routercontrol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\routercontrol\routercontrol.exe |
"UDP Query User{4E2581B4-CE97-4C01-8EEF-1683C452EADF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{76179583-3C9E-4CD7-9BEF-DB878B5164AF}C:\program files (x86)\gta 1\gtawin\grand theft auto.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gta 1\gtawin\grand theft auto.exe |
"UDP Query User{76E2BE5F-D3DB-4D4E-957B-1EA7ED1C5493}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{97177426-85D3-4911-9A0A-ADAC54F5756F}C:\program files (x86)\vietcong\vietcong.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vietcong\vietcong.exe |
"UDP Query User{9963B919-7D39-4034-BA14-867B57BE9CAA}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{A4712828-F5A0-4DDC-8C12-FDA0790F6302}C:\program files (x86)\steam\steamapps\maaatze\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\maaatze\counter-strike source\hl2.exe |
"UDP Query User{A6FE981E-46C1-43CA-BCB7-2C4980B7A96D}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{C7DC35E5-268D-40BA-8C82-18279ABEDF26}C:\users\matthias\downloads\cryptload_1.1.6\cryptload_1.1.6\routerclient.exe" = protocol=17 | dir=in | app=c:\users\matthias\downloads\cryptload_1.1.6\cryptload_1.1.6\routerclient.exe |
"UDP Query User{C873F64D-771E-48FB-A611-3A0DFB9C3268}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E89C72B1-3A8E-45B2-A5C6-E2AA07FE7B92}C:\program files (x86)\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files (x86)\far cry\bin32\farcry.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}" = LightScribe System Software
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{535A4F3D-06C3-446C-A2AA-DBB71EC192B8}" = LightScribe Applications
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.3.190b
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.9
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CDex" = CDex - Open Source Digital Audio CD Extractor
"C-Media USB2.0 Card Reader" = C-Media USB2.0 Card Reader
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDFab HD Decrypter 4_is1" = DVDFab HD Decrypter 4.0.1.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Grand Theft Auto" = Grand Theft Auto
"HijackThis" = HijackThis 2.0.2
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"IrfanView" = IrfanView (remove only)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Power DVD Rip Studio_is1" = Power DVD Rip Studio v1.1.7.51
"PROHYBRIDR" = 2007 Microsoft Office system
"RouterControl" = RouterControl 2.0
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.02.2011 05:36:36 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.02.2011 14:49:03 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Error - 21.02.2011 14:49:07 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Error - 21.02.2011 14:49:09 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Error - 21.02.2011 14:50:45 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Error - 21.02.2011 14:50:46 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_eraser.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Error - 22.02.2011 06:53:33 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.02.2011 06:11:27 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.02.2011 07:25:57 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.02.2011 11:49:17 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 22.03.2011 17:17:51 | Computer Name = Matthias-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 23.03.2011 10:40:04 | Computer Name = Matthias-PC | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen
Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
Error - 23.03.2011 17:02:28 | Computer Name = Matthias-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 25.03.2011 09:55:54 | Computer Name = Matthias-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 26.03.2011 08:44:51 | Computer Name = Matthias-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 26.03.2011 09:24:17 | Computer Name = Matthias-PC | Source = bowser | ID = 8003
Description =
Error - 26.03.2011 09:36:33 | Computer Name = Matthias-PC | Source = DCOM | ID = 10005
Description =
Error - 26.03.2011 09:36:34 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 26.03.2011 09:36:34 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.03.2011 14:56:18 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7031
Description =
< End of report > --- --- ---
und die otl.txt
OTL Logfile: Code:
OTL logfile created on: 26.03.2011 20:05:35 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Matthias\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 659,10 Gb Free Space | 70,76% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.03.26 19:55:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
PRC - [2011.03.24 21:10:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.12.09 19:20:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.12.21 06:45:56 | 000,039,424 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009.08.05 13:08:08 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.09 12:57:23 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.05.19 12:49:00 | 003,449,344 | ---- | M] (Mirko Böer) -- C:\Program Files (x86)\RouterControl\RouterControl.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.03.12 12:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.03.12 12:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
========== Modules (SafeList) ==========
MOD - [2011.03.26 19:55:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msshsq.dll
MOD - [2010.04.18 18:33:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010.01.24 22:05:53 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2008.01.21 03:51:11 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll
MOD - [2006.11.02 09:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.12.09 19:20:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.28 16:11:42 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.08.05 13:08:08 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.09 12:57:23 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.08 17:13:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2009.12.07 19:38:13 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.07.31 09:55:42 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2008.10.16 14:08:08 | 000,183,296 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007.06.13 08:55:56 | 001,272,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2007.01.15 15:13:18 | 000,160,256 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\cmiucr_x64.SYS -- (CMIUCR)
DRV:64bit: - [2006.09.18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.bearshare.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 21:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.26 14:37:52 | 000,000,000 | ---D | M]
[2009.05.12 14:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2011.03.26 14:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions
[2010.10.24 20:45:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.12 19:31:48 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010.07.26 18:00:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.07.13 17:47:07 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\qz1zjgjf.default\extensions\moveplayer@movenetworks.com
[2010.04.12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\qz1zjgjf.default\searchplugins\BearShareWebSearch.xml
[2009.10.06 17:10:14 | 000,000,876 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\qz1zjgjf.default\searchplugins\conduit.xml
[2011.03.24 19:30:25 | 000,000,944 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\qz1zjgjf.default\searchplugins\icqplugin.xml
[2011.03.26 15:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.07 21:21:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.03.23 22:19:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2010.03.23 22:19:46 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.23 22:19:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.23 22:19:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.23 22:19:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O4:64bit: - HKLM..\Run: [Cmiboot] C:\Windows\cmiboot.exe ()
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files (x86)\Corel VideoStudio 12\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [RouterControl] C:\PROGRA~2\ROUTER~1\ROUTERCONTROL.EXE (Mirko Böer)
O4 - HKCU..\Run: [settdebugx.exe] File not found
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.97 217.0.43.113
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 07:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3031059e-3ef8-11de-9061-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{5494ab9a-e12c-11df-a596-001fd098b615}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\copy.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.03.26 20:02:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.26 20:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.03.26 20:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.03.26 19:55:04 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Matthias\Desktop\Erunt-setup.exe
[2011.03.26 19:55:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2011.03.26 19:55:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\TFC.exe
[2011.03.26 18:09:56 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\Trust Spacec@m 350 Portable 10_12_2001
[2011.03.26 14:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.03.26 14:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.03.26 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\My Received Files
[2011.03.26 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\BearShare
[2011.03.26 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\BearShare
[2011.03.26 14:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BearShare Applications
[2011.03.26 14:15:34 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\PackageAware
[2011.03.07 21:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.07 21:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.03.04 08:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.02.24 21:58:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011.02.24 21:58:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2009.07.31 09:55:42 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Matthias\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2011.03.26 20:02:19 | 000,000,943 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.26 20:02:15 | 000,000,763 | ---- | M] () -- C:\Users\Matthias\Desktop\NTREGOPT.lnk
[2011.03.26 20:02:15 | 000,000,744 | ---- | M] () -- C:\Users\Matthias\Desktop\ERUNT.lnk
[2011.03.26 19:58:50 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.26 19:58:50 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.26 19:58:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.26 19:56:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Matthias\Desktop\Erunt-setup.exe
[2011.03.26 19:55:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2011.03.26 19:55:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\TFC.exe
[2011.03.26 16:27:42 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.03.26 16:27:42 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.26 16:26:39 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.03.26 14:37:52 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.21 19:16:21 | 000,105,607 | ---- | M] () -- C:\Users\Matthias\Desktop\199584_10150454869905537_867485536_17597857_2658710_n.jpg
[2011.03.21 19:16:06 | 000,064,524 | ---- | M] () -- C:\Users\Matthias\Desktop\bulldog.jpg
[2011.03.17 21:02:18 | 000,081,408 | ---- | M] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.13 12:40:23 | 000,005,701 | ---- | M] () -- C:\Users\Matthias\Desktop\Anleitung.html
========== Files Created - No Company Name ==========
[2011.03.26 20:02:19 | 000,000,943 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.26 20:02:15 | 000,000,763 | ---- | C] () -- C:\Users\Matthias\Desktop\NTREGOPT.lnk
[2011.03.26 20:02:15 | 000,000,744 | ---- | C] () -- C:\Users\Matthias\Desktop\ERUNT.lnk
[2011.03.26 14:36:49 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.03.26 14:36:49 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.21 19:16:20 | 000,105,607 | ---- | C] () -- C:\Users\Matthias\Desktop\199584_10150454869905537_867485536_17597857_2658710_n.jpg
[2011.03.21 19:16:05 | 000,064,524 | ---- | C] () -- C:\Users\Matthias\Desktop\bulldog.jpg
[2011.03.13 12:41:14 | 000,005,701 | ---- | C] () -- C:\Users\Matthias\Desktop\Anleitung.html
[2011.02.24 21:55:35 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011.02.24 21:55:35 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2011.02.24 21:55:35 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011.02.24 21:55:35 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2011.02.24 21:55:35 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011.02.24 21:55:35 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010.12.10 17:13:02 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.11.20 13:45:15 | 000,007,420 | ---- | C] () -- C:\Windows\UA000106.DLL
[2010.11.20 13:44:16 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010.11.20 13:44:16 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010.11.20 13:44:16 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010.11.20 13:44:16 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010.11.20 13:44:16 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010.11.20 13:44:16 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010.05.26 21:57:04 | 000,000,012 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\vqdlkr.dat
[2010.05.26 21:57:02 | 000,000,004 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\avdrn.dat
[2010.01.10 20:04:55 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009.09.24 16:55:43 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.24 16:55:12 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.09.24 16:54:54 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.31 09:56:23 | 000,001,044 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\vso_ts_preview.xml
[2009.07.31 09:55:42 | 000,099,384 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\inst.exe
[2009.07.31 09:55:42 | 000,007,859 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\pcouffin.cat
[2009.07.31 09:55:42 | 000,001,167 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\pcouffin.inf
[2009.07.17 11:17:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.07.01 11:52:48 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2009.05.29 15:09:47 | 000,000,415 | ---- | C] () -- C:\Windows\COVERE~1.INI
[2009.05.29 13:47:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.29 12:36:06 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.05.24 17:07:45 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2009.05.15 19:39:13 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.05.15 19:27:59 | 000,266,400 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009.05.15 19:27:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.05.13 16:28:25 | 000,001,460 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps64.dat
[2009.05.13 16:16:39 | 000,081,408 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.12 15:17:42 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.05.08 17:24:07 | 001,457,008 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.05.08 17:14:24 | 000,464,384 | ---- | C] () -- C:\Windows\CmiUCRUninstall_x64.exe
[2009.05.08 17:14:24 | 000,311,296 | ---- | C] () -- C:\Windows\CmiUCRUninstall.exe
[2009.05.08 17:14:24 | 000,000,112 | ---- | C] () -- C:\Windows\CMICARDREADER.INI
[2009.05.08 17:14:22 | 000,480,256 | ---- | C] () -- C:\Windows\CmUCREye_x64.exe
[2009.05.08 17:14:21 | 000,065,536 | ---- | C] () -- C:\Windows\cmiboot.exe
[2009.05.08 17:10:08 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2009.05.08 17:09:33 | 000,105,472 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.dll
[2009.05.08 17:09:33 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.dll
[2009.01.22 21:57:48 | 000,001,669 | ---- | C] () -- C:\Windows\P17EP.ini
[2009.01.22 21:57:48 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2009.01.22 21:57:47 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002.07.05 15:12:06 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\authdvd.dll
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000107.DLL
========== LOP Check ==========
[2009.05.14 19:12:26 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ashampoo
[2009.05.13 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Canneverbe_Limited
[2010.07.26 18:00:20 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.17 17:30:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2009.06.26 17:26:49 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2010.06.30 19:53:26 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\kikin
[2010.11.22 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ulead Systems
[2010.06.30 20:00:47 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Vso
[2011.03.26 19:57:17 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2009.05.12 14:40:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.12.17 22:03:26 | 000,000,000 | ---D | M] -- C:\1f9699514da1f8c0ffaddd793eab79d4
[2011.01.13 22:37:29 | 000,000,000 | ---D | M] -- C:\8247d2f605c7668ba6e78c
[2009.10.06 16:26:08 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.05.29 15:18:56 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp
[2011.03.26 19:58:42 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.05.12 14:36:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.24 02:43:29 | 000,000,000 | ---D | M] -- C:\Download
[2009.05.08 16:53:37 | 000,000,000 | ---D | M] -- C:\Intel
[2009.05.08 17:18:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.05.13 16:31:01 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.02.21 19:50:32 | 000,000,000 | R--D | M] -- C:\Programme
[2011.03.26 20:02:15 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.03.26 19:58:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.05.12 14:36:15 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.03.26 20:07:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.11.12 19:31:49 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.26 20:02:47 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: USERINIT.EXE >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
< MD5 for: WININIT.EXE >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Files - Unicode (All) ==========
[2009.05.29 15:10:20 | 000,000,000 | ---D | M](C:\Users\Matthias\AppData\Roaming\???????sAppData) -- C:\Users\Matthias\AppData\Roaming\敎潲䍄敔灭慬整sAppData
[2009.05.29 15:10:20 | 000,000,000 | ---D | M](C:\Users\Matthias\AppData\Roaming\???????sAppData) -- C:\Users\Matthias\AppData\Roaming\敎潲䍄敔灭慬整sAppData
(C:\Users\Matthias\AppData\Roaming\???????sAppData) -- C:\Users\Matthias\AppData\Roaming\敎潲䍄敔灭慬整sAppData
< End of report > --- --- ---
Vielen Dank im Voraus...was kann ich sonst noch tun ?
LG
lg & danke im voraus
doppelpost, sorry, etwas hektisch heute.. |