Spriggan282 | 13.11.2012 18:54 | Police Trojan (Austria) log analysis
Hello everyone!
I'll get straight to the point: as already stated in the title, I have
a Trojan and hope to get rid of the annoying horse with your help!
Please give me further instructions!? :confused:
Here is the OTL log:
Code:
OTL logfile created on: 13.11.2012 18:21:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Exodus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,57% Memory free
4,24 Gb Paging File | 3,22 Gb Available in Paging File | 75,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,16 Gb Total Space | 58,21 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 216,40 Gb Total Space | 81,02 Gb Free Space | 37,44% Space Free | Partition Type: NTFS
Drive L: | 5,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: EXODUS-PC | User Name: Exodus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Exodus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\JDownloader\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Desura Install Service) -- C:\Programme\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20121005.002\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121029.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys ()
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121029.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20121027.002\IDSvix86.sys (Symantec Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1309000.009\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1309000.009\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1309000.009\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1309000.009\symefa.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NAV\1309000.009\symtdiv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1309000.009\ironx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1309000.009\symds.sys (Symantec Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D B1 68 3E BC C1 CD 01 [binary data]
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={E8AEDDE5-5128-4F3E-8D4F-52B1CB04808E}&mid=d9ceb2f73dc847d0aef2d168c3e36fef-06ce4fc639803a2e3563922518183d8e94088cb9&lang=de&ds=AVG&pr=pr&d=2012-10-01 13:21:05&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.145.0
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Exodus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Exodus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012.11.12 00:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 01:53:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.30 01:53:30 | 000,000,000 | ---D | M]
[2012.07.27 19:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Exodus\AppData\Roaming\mozilla\Extensions
[2012.10.23 16:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Exodus\AppData\Roaming\mozilla\Firefox\Profiles\qmfgr1kj.default\extensions
[2012.08.19 20:06:39 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Exodus\AppData\Roaming\mozilla\Firefox\Profiles\qmfgr1kj.default\extensions\battlefieldheroespatcher@ea.com
[2012.10.30 01:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.30 01:53:28 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.10.30 01:53:37 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.16 01:03:52 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.10.01 12:21:00 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.04 21:46:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.26 20:10:26 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Exodus\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2028157852-3969067451-341249778-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2028157852-3969067451-341249778-1000..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2028157852-3969067451-341249778-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2028157852-3969067451-341249778-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Exodus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{369B177D-2325-4961-8CCF-0552EA4B77F7}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Exodus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Exodus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.10.10 13:01:08 | 000,000,051 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.13 18:20:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Exodus\Desktop\OTL.exe
[2012.11.13 17:30:46 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.12 00:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.11 22:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.11.11 22:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.11.11 22:20:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.09 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\BitTorrent
[2012.11.07 23:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[2012.11.01 17:50:48 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Local\Arktos
[2012.11.01 17:50:46 | 000,000,000 | ---D | C] -- C:\Users\Exodus\Documents\Arktos
[2012.11.01 17:50:45 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Local\CrashRpt
[2012.10.30 18:15:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012.10.30 18:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z
[2012.10.30 01:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.27 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\uTorrent
[2012.10.21 01:41:57 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\DwarfsF2P
[2012.10.21 01:41:55 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\Dwarfs
========== Files - Modified Within 30 Days ==========
[2012.11.13 18:20:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Exodus\Desktop\OTL.exe
[2012.11.13 18:12:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.13 17:57:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2028157852-3969067451-341249778-1000UA.job
[2012.11.13 17:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.13 17:31:10 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.13 17:30:48 | 000,000,774 | ---- | M] () -- C:\Users\Exodus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.13 17:30:46 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.13 17:23:52 | 000,002,337 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2012.11.13 17:23:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.13 17:23:45 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 17:23:45 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 17:23:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.13 17:23:39 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.12 22:54:37 | 000,051,712 | ---- | M] () -- C:\Users\Exodus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.12 13:57:03 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2028157852-3969067451-341249778-1000Core.job
[2012.11.12 00:28:29 | 001,642,787 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1309000.009\Cat.DB
[2012.11.11 22:11:13 | 000,000,680 | ---- | M] () -- C:\Users\Exodus\AppData\Local\d3d9caps.dat
[2012.11.11 14:37:17 | 005,946,014 | ---- | M] () -- C:\Users\Exodus\Documents\Imagine Dragons, Radioactive HD.mp3
[2012.11.09 19:23:07 | 094,721,516 | ---- | M] () -- C:\Users\Exodus\Documents\[HQ] Hans Zimmer - Inception Soundtrack - OST (complete).mp3
[2012.11.06 19:21:28 | 007,605,312 | ---- | M] () -- C:\Users\Exodus\Documents\Borderlands 2 Intro Song - Soundtrack (The Heavy - Short Change Hero).mp3
[2012.11.06 19:18:13 | 005,683,669 | ---- | M] () -- C:\Users\Exodus\Documents\The Borderlands Theme Song- Aint No Rest For the Wicked.mp3
[2012.10.28 00:51:11 | 000,000,104 | ---- | M] () -- C:\Users\Exodus\Documents\Papierkorb - Verknüpfung.lnk
[2012.10.26 17:26:57 | 186,464,390 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.16 11:29:46 | 000,010,074 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1309000.009\VT20121008.022
========== Files Created - No Company Name ==========
[2012.11.13 17:30:48 | 000,000,774 | ---- | C] () -- C:\Users\Exodus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.12 00:08:54 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.11 22:00:45 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.11 14:37:00 | 005,946,014 | ---- | C] () -- C:\Users\Exodus\Documents\Imagine Dragons, Radioactive HD.mp3
[2012.11.09 19:18:14 | 094,721,516 | ---- | C] () -- C:\Users\Exodus\Documents\[HQ] Hans Zimmer - Inception Soundtrack - OST (complete).mp3
[2012.11.06 19:21:15 | 007,605,312 | ---- | C] () -- C:\Users\Exodus\Documents\Borderlands 2 Intro Song - Soundtrack (The Heavy - Short Change Hero).mp3
[2012.11.06 19:18:05 | 005,683,669 | ---- | C] () -- C:\Users\Exodus\Documents\The Borderlands Theme Song- Aint No Rest For the Wicked.mp3
[2012.10.28 00:51:11 | 000,000,104 | ---- | C] () -- C:\Users\Exodus\Documents\Papierkorb - Verknüpfung.lnk
[2012.10.13 17:29:01 | 000,086,704 | ---- | C] () -- C:\Users\Exodus\tumblr_m1nwebxpUq1r5u0t3.png
[2012.10.07 09:53:09 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.10.03 18:50:27 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.10.03 13:04:28 | 000,071,372 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.09.03 19:44:33 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2012.09.03 19:44:10 | 000,216,158 | ---- | C] () -- C:\Users\Exodus\AppData\Local\census.cache
[2012.09.03 19:43:54 | 000,149,652 | ---- | C] () -- C:\Users\Exodus\AppData\Local\ars.cache
[2012.09.03 19:34:52 | 000,000,036 | ---- | C] () -- C:\Users\Exodus\AppData\Local\housecall.guid.cache
[2012.08.30 08:20:09 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\windrv32.sys
[2012.08.25 10:38:54 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\winbros.sys
[2012.08.24 12:13:02 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\ztddttud.sys
[2012.08.21 11:38:45 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\winbras.sys
[2012.08.20 02:28:25 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.08.20 02:28:25 | 000,138,056 | ---- | C] () -- C:\Users\Exodus\AppData\Roaming\PnkBstrK.sys
[2012.08.20 02:28:07 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.08.20 02:28:02 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.08.06 12:07:09 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.07.28 23:11:47 | 000,051,712 | ---- | C] () -- C:\Users\Exodus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.28 15:04:28 | 003,495,784 | ---- | C] () -- C:\Windows\System32\d3dx9_33.dll
[2012.07.28 12:19:16 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.07.27 19:49:44 | 000,000,680 | ---- | C] () -- C:\Users\Exodus\AppData\Local\d3d9caps.dat
========== ZeroAccess Check ==========
[2011.11.18 21:23:34 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\@
[2012.10.01 14:11:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\L
[2012.10.01 15:29:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\U
[2012.10.01 15:06:33 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\L\00000004.@
[2012.10.01 12:42:26 | 000,002,048 | -HS- | M] () -- C:\Users\Exodus\AppData\Local\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\@
[2011.11.18 21:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Exodus\AppData\Local\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\L
[2011.11.18 21:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Exodus\AppData\Local\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\U
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 14:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll\system32\wbem\wbemess.dll
"ThreadingModel" = Apartment
========== LOP Check ==========
[2012.10.06 13:13:25 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\.minecraft
[2012.09.19 23:30:09 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Audacity
[2012.07.30 00:52:30 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\avidemux
[2012.08.06 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Awesomium
[2012.07.27 20:02:04 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Babylon
[2012.11.11 22:48:42 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\BitTorrent
[2012.11.11 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\DAEMON Tools Pro
[2012.08.02 18:59:51 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\DVDVideoSoft
[2012.11.03 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Dwarfs
[2012.10.21 16:08:58 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\DwarfsF2P
[2012.10.01 15:20:51 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\FixZeroAccess
[2012.09.02 23:44:28 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\FRITZ!
[2012.08.22 01:50:09 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Gyazo
[2012.09.24 12:35:09 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\LS
[2012.09.04 16:22:36 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Mount&Blade Warband
[2012.10.02 17:04:17 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\OnLive App
[2012.08.23 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\RotMG.Production
[2012.08.04 11:24:28 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\TEdit
[2012.08.20 18:45:11 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Unity
[2012.11.12 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\uTorrent
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 13.11.2012 18:21:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Exodus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,57% Memory free
4,24 Gb Paging File | 3,22 Gb Available in Paging File | 75,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,16 Gb Total Space | 58,21 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 216,40 Gb Total Space | 81,02 Gb Free Space | 37,44% Space Free | Partition Type: NTFS
Drive L: | 5,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: EXODUS-PC | User Name: Exodus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Exodus\M-10-7960-8588-3464\winsvc.exe" = C:\Users\Exodus\M-10-7960-8588-3464\winsvc.exe:*:Enabled:Microsoft Windows Service
"C:\Users\Exodus\M-50-8964-7854-4678\winmgr.exe" = C:\Users\Exodus\M-50-8964-7854-4678\winmgr.exe:*:Enabled:Microsoft Windows Manager
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05A6B1CD-AA10-46A0-8D5C-6AD2A9EEFC8B}" = Nero Burning ROM 11
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{77D5EF75-EB85-4C19-879B-D997E80FF40E}" = UPC Konfigurator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.2.0.9
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB87D276-2F4A-453A-A2D8-D597927C59A0}" = Tabellenbuch Metall digital 6.0
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D62576C2-C084-4698-974A-5BE77714FDDD}" = System Requirements Lab Test
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BYOND" = BYOND
"DAEMON Tools Pro" = DAEMON Tools Pro
"Desura" = Desura
"Desura_18829136625680" = Desura: Black Mesa
"Desura_40965398069264" = Desura: Half-Life 2: Wars
"Deus Ex" = Deus Ex
"Fraps" = Fraps (remove only)
"HDTP" = Deus Ex - HDTP
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"NAV" = Norton AntiVirus
"NCLauncher_GameForge" = NC Launcher (GameForge)
"OnLive" = OnLive
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Rechenbuch Metall_is1" = Bilder-CD für Rechenbuch Metall, 30. Aufl - Einzellizenz
"Steam App 105600" = Terraria
"Steam App 17700" = Insurgency
"Steam App 17740" = Empires
"Steam App 200210" = Realm of the Mad God
"Steam App 212800" = Super Crate Box
"Steam App 213650" = Dwarfs F2P
"Steam App 214850" = GameMaker: Studio
"Steam App 218" = Source SDK Base 2007
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 31270" = Puzzle Agent
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 6100" = Eets
"Steam App 630" = Alien Swarm
"Steam App 70" = Half-Life
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 99900" = Spiral Knights
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Walking Dead Episode 3 (c) TellTale Games_is1" = The Walking Dead Episode 3 (c) TellTale Games version 1
"The Walking Dead Episode 4 (c) Telltale Games_is1" = The Walking Dead Episode 4 (c) Telltale Games version 1
"UPC Konfigurator" = UPC Konfigurator
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2028157852-3969067451-341249778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.11.2012 19:12:16 | Computer Name = Exodus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
Error - 12.11.2012 08:57:36 | Computer Name = Exodus-PC | Source = WinMgmt | ID = 28
Description =
Error - 12.11.2012 08:59:09 | Computer Name = Exodus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
Error - 12.11.2012 13:21:04 | Computer Name = Exodus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Steam.exe, Version 1.0.1446.623, Zeitstempel
0x5004ae1a, fehlerhaftes Modul steamclient.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x509d88e5, Ausnahmecode 0xc0000005, Fehleroffset 0x38128865, Prozess-ID 0x22c0,
Anwendungsstartzeit 01cdc0f40a07445d.
Error - 12.11.2012 13:21:08 | Computer Name = Exodus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Steam.exe, Version 1.0.1446.623, Zeitstempel
0x5004ae1a, fehlerhaftes Modul steamservice.dll, Version 1.57.74.6, Zeitstempel
0x509d888a, Ausnahmecode 0xc0000005, Fehleroffset 0x000072d6, Prozess-ID 0x22c0,
Anwendungsstartzeit 01cdc0f40a07445d.
Error - 12.11.2012 14:12:02 | Computer Name = Exodus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_RpcSs, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024, Zeitstempel
0x49f05bcc, Ausnahmecode 0xc0000005, Fehleroffset 0x000132f3, Prozess-ID 0x3b4, Anwendungsstartzeit
01cdc0d5180d4ef9.
Error - 12.11.2012 14:14:47 | Computer Name = Exodus-PC | Source = WinMgmt | ID = 28
Description =
Error - 12.11.2012 14:16:47 | Computer Name = Exodus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
Error - 13.11.2012 12:24:09 | Computer Name = Exodus-PC | Source = WinMgmt | ID = 28
Description =
Error - 13.11.2012 12:26:06 | Computer Name = Exodus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
[ System Events ]
Error - 11.11.2012 18:54:49 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description =
Error - 11.11.2012 19:00:07 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description =
Error - 11.11.2012 19:05:44 | Computer Name = Exodus-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 11.11.2012 19:07:05 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description =
Error - 11.11.2012 19:07:15 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description =
Error - 11.11.2012 19:07:17 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description =
Error - 11.11.2012 19:07:21 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description =
Error - 11.11.2012 19:07:22 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description =
Error - 12.11.2012 11:54:29 | Computer Name = Exodus-PC | Source = bowser | ID = 8003
Description =
Error - 12.11.2012 14:12:22 | Computer Name = Exodus-PC | Source = WinHttpAutoProxySvc | ID = 12506
Description = Der WinHTTP-Web Proxy Auto-Discovery-Dienst ist auf einen Systemfehler
von RpcEpRegisterW() gestoßen: (Fehlercode = 1752) Der Serverendpunkt kann den
Vorgang nicht ausführen.
< End of report >