Meister G. | 26.05.2013 22:45 | Guv und E-Mail Delivery Problem Hallo hatte vor einiger Zeit den BKA Trojaner auf meinem Pc hab es soweit geschafft das er bis jetzt nicht mehr aufgetaucht ist. Seit gestern wird mein E-Mail Postfach mit hunderten Mails die ihren Absender nicht erreichen können zugemüllt. Habe einige Funde mit Eset und Malwarebyts. Hätte gerne Hilfe bei der Überprüfung und Bereinigung.
Danke Code:
OTL logfile created on: 26.05.2013 23:02:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,38 Gb Available Physical Memory | 79,94% Memory free
15,96 Gb Paging File | 14,12 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 690,75 Gb Free Space | 74,16% Space Free | Partition Type: NTFS
Drive D: | 6,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.26 23:01:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.07 17:42:40 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.23 07:25:12 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.23 07:24:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.07 22:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2012.11.26 16:09:20 | 000,573,024 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.22 13:20:22 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 13:20:18 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.17 07:05:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.17 07:04:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.03.07 22:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013.03.07 22:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013.03.07 22:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013.01.10 09:35:48 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 09:35:37 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 09:35:34 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 09:35:31 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.16 07:11:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.23 07:25:12 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.23 07:24:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.22 13:20:22 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 13:20:18 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.05.04 03:37:13 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013.04.23 07:25:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.23 07:25:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.23 07:25:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.04.06 23:43:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.04.06 23:43:38 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 14:52:00 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 14:52:00 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.07.29 04:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 37 51 61 D2 97 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE456
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.10.09 18:04:27 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28E644A4-B088-4A69-8BBC-E031A6DFF6B8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.11 00:46:44 | 000,564,218 | R--- | M] () - D:\Autorun.dbd -- [ UDF ]
O32 - AutoRun File - [2007.08.31 20:16:25 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.09.06 08:18:49 | 000,004,039 | R--- | M] () - D:\Autorun.txt -- [ UDF ]
O33 - MountPoints2\{e2877e80-03c0-11e1-92d7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e2877e80-03c0-11e1-92d7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe -- [2007.09.14 07:34:33 | 000,132,416 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.26 23:01:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2013.05.26 22:51:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{44F915F1-BE97-403D-95A9-FAA2BE8DAF7E}
[2013.05.25 23:20:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{02CF1C4B-55AC-4FE2-944A-035500DF9D72}
[2013.05.25 00:10:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{22717D86-FCB1-4D72-8CDA-FF6BDB65AB17}
[2013.05.24 08:19:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{7188C3E8-5ADF-462E-A9F0-DA340544B362}
[2013.05.23 22:07:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{CE429DE4-6BF6-4CBE-9EA7-085DA973E6DC}
[2013.05.22 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{B966BF51-FCAB-4AC6-85AE-928D82ECE6CE}
[2013.05.21 19:21:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{60257324-7915-42A4-959F-7261D8B4849A}
[2013.05.21 17:14:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{6DFEC746-BD6B-4116-8700-61D32860B826}
[2013.05.21 04:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.20 21:32:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5987C990-A22B-47BD-9724-08D255AD2296}
[2013.05.20 18:13:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5C747B03-84B9-4516-A7F4-A0739DD923DE}
[2013.05.20 04:15:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{FC276344-0302-4744-AF02-009F3FAE1937}
[2013.05.19 16:49:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{BFFE6FD9-FEA6-45A4-90AE-270E09580AD9}
[2013.05.17 21:05:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F6CB7BB1-69FA-4340-8CAF-983C8A989F52}
[2013.05.17 07:06:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{422930D0-B636-46CA-9F88-333297AEC370}
[2013.05.16 07:07:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F3AF719B-C85F-4C1B-B746-1B21BA0A2ED6}
[2013.05.14 08:08:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5C818CAB-B0C0-4B6A-A7C8-95B22838E9DE}
[2013.05.13 07:13:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{7B9AACB9-BE60-4B86-9A98-1F5A39646E21}
[2013.05.12 18:16:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{81B73316-4FD5-41F2-BBE1-B6F607253A89}
[2013.05.12 18:07:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{6D9ABE48-BBC1-4B8F-B26B-0A15ECF43B85}
[2013.05.11 22:19:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{45D4BFA1-148D-49FF-9D81-4C9D2D9C5697}
[2013.05.11 22:18:05 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013.05.10 22:46:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{EE8D926D-EA9C-4ED5-AD88-C33C0945909A}
[2013.05.10 20:27:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F47B6CB7-89F1-4437-8441-3F5A8DBEDF8C}
[2013.05.08 21:01:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F80D56F2-BF46-42C0-9743-AFD02CBB2BB3}
[2013.05.07 17:43:35 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.07 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{578C940A-0C27-4290-88FE-61434C0D9F34}
[2013.05.06 20:53:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{DA7ABC83-A740-4B13-B781-4F26CF971AD1}
[2013.05.05 14:09:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{05F8722C-D1BE-4822-85EC-74B0F5BEC24F}
[2013.05.04 13:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.05.04 03:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.03 17:28:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{12BE1E96-2F0A-407F-AEA6-934E91B72746}
[2013.05.03 02:25:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\BugReport1
[2013.05.02 21:26:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{B6F57F5A-C6BC-4A86-8A98-2B316FB080F7}
[2013.05.01 22:32:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{B655216E-7FED-441F-83EE-E074F7589B80}
[2013.05.01 03:36:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{E64DA07A-EA51-48B6-9E91-3584310479E1}
[2013.04.30 00:16:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{D0C41B48-31B3-4AC0-96AD-2A8A18A0A5F9}
[2013.04.28 17:16:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{0A6B2A2E-94F2-4FD6-97AE-25F05289699D}
[2013.04.28 01:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2013.04.27 18:03:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{FEF1AC6F-13CE-4A7C-BF84-E44E344276DA}
[2013.04.27 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{310F2E09-EE1B-49D1-A3BB-F1019F29C619}
[2013.04.27 14:00:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{76D60E98-7EC0-451C-8A0D-EB27CA991BD0}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.26 23:01:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2013.05.26 23:00:26 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2013.05.26 22:34:12 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 22:34:12 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 22:31:51 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.26 22:31:51 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 22:31:51 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.26 22:31:51 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 22:31:51 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.26 22:28:09 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.26 22:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.26 22:25:36 | 2132,733,951 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 10:13:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3315472771-574270051-2816021824-1000UA.job
[2013.05.26 10:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.26 10:07:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.21 19:13:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3315472771-574270051-2816021824-1000Core.job
[2013.05.21 04:02:39 | 000,000,748 | ---- | M] () -- C:\Users\Michael\Desktop\Internet Security 2013.lnk
[2013.05.17 07:02:51 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.07 17:43:26 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.05 14:32:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\of0dzj.pad
[2013.05.04 03:37:13 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.04 03:36:02 | 000,000,660 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013.05.04 02:34:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\otolfot.pad
[2013.05.04 01:14:59 | 000,000,153 | ---- | M] () -- C:\ProgramData\otolfot.reg
[2013.04.27 08:45:05 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.26 23:00:26 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2013.05.21 04:02:39 | 000,000,748 | ---- | C] () -- C:\Users\Michael\Desktop\Internet Security 2013.lnk
[2013.05.05 14:31:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\of0dzj.pad
[2013.05.04 03:37:13 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.04 03:36:02 | 000,000,660 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013.05.04 01:14:59 | 000,000,153 | ---- | C] () -- C:\ProgramData\otolfot.reg
[2013.05.04 01:14:55 | 095,023,320 | ---- | C] () -- C:\ProgramData\otolfot.pad
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.05 09:55:21 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin
[2012.03.05 09:55:13 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.11 18:13:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.10.31 16:20:59 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.31 15:20:55 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2011.10.31 15:20:54 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2011.10.31 15:20:54 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2011.10.28 12:08:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.02.09 07:29:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2013.02.09 07:01:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.29 23:11:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Might & Magic Heroes VI
[2012.10.09 18:04:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenCandy
[2013.03.19 04:20:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SoftGrid Client
[2011.10.31 16:22:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TP
[2012.01.17 01:02:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report > Code:
OTL Extras logfile created on: 26.05.2013 23:02:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,38 Gb Available Physical Memory | 79,94% Memory free
15,96 Gb Paging File | 14,12 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 690,75 Gb Free Space | 74,16% Space Free | Partition Type: NTFS
Drive D: | 6,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCA3834-A8CE-4356-91D4-FD165D55D3A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{1634136F-61C7-42F5-8CA8-3829FAAA15F1}" = rport=137 | protocol=17 | dir=out | app=system |
"{18E71BE3-0257-45F8-99FC-576F4594CFE9}" = rport=445 | protocol=6 | dir=out | app=system |
"{2AC7F5F2-2179-4754-A80B-9ACDBE8E5414}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{36001E02-9511-4148-A1CB-5BFBDEC106D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4093E066-F5BA-4265-97B9-E71852A0CD7F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4B92CC98-33BE-4676-B464-4C637956F827}" = rport=138 | protocol=17 | dir=out | app=system |
"{A12E3E2D-C14B-4101-BD9D-25A1F4F979C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A802133D-F076-48F8-9E71-A1787244B02E}" = lport=445 | protocol=6 | dir=in | app=system |
"{AB8C58D3-00D3-46E2-86F3-9D515B52EC19}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B000326E-D0A3-4089-99E6-C4AA7C5E7C74}" = lport=137 | protocol=17 | dir=in | app=system |
"{C407048E-1A02-469F-81DE-7C3750FEC3B8}" = lport=139 | protocol=6 | dir=in | app=system |
"{ECE6714D-8CD4-4C5E-8424-9DF3E7223BED}" = lport=138 | protocol=17 | dir=in | app=system |
"{F5C48E3C-01FF-4899-8C9A-DFE3AAC76F98}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F31979-F3CE-4CF1-9AED-A03527B0F630}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{08254108-BE65-4E94-9E72-43595BB7513D}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{0A4357EF-F1FA-471E-A460-BD6A5724CBAC}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{0DB513B7-B296-478C-9E6A-575C0C79729E}" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"{1A124D59-C4E0-472C-8C61-F37AE5D8D911}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{237B0849-502D-457A-9B2A-2BD428BE7571}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{23F2B678-9E02-4CB0-A92A-A19F01399D72}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{2FB65FF3-1DA6-4381-946C-B77CAB1201BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{300B4EA3-0E19-4C0B-95F9-295394A4278F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{396A0929-5972-479A-A738-30F8B45C51A5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{424D14F0-2AD6-4448-B0B6-47C12F1F1A84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{43E61A1D-A9E3-49E3-A5D0-E3E524BA65EF}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{46A7495F-15B2-4FFB-A6BB-377ED1F79845}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{48A6A251-401E-40C2-BB1A-4CC73F334C73}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{4A8BAA03-696F-4A92-8DC7-0273EA5C14D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{50B21174-A1D1-4F29-ADFF-1207BE8013B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{52A768A5-8DFC-4B3C-BA70-7AEF2D0D8D78}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{5ECDD369-C613-4378-8EAF-E27F71C2D939}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{69A56E0F-04A6-44B0-B5BF-25FEF3127BB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{77E14D4E-403D-45C3-9B92-93F9CF2BF1A1}" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"{80D64F81-49EB-4841-A8C0-11451EC85E09}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{86CB2C5D-CE1C-4662-ADEB-324CD1398A37}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{89BFDADA-B784-44A6-913A-3219791E6515}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{90616361-8883-4F98-A042-F10F71ED71B4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{9C56BA08-EFCD-442B-8BFB-E143BF062644}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{A0D2D4B2-0561-4127-ABE4-2ED2D598596B}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{A5BCDA97-0D7F-4641-AAC2-6971017BE14F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{A74C229C-6205-404B-93F7-45EB47BD859C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A80A50C9-FBCE-4EEF-BF7E-B95FC9227D70}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{BCF98A06-365E-4769-887D-2FFA9C0BEB84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{BD0ADC10-6247-418E-AE23-BCBAA0479FB5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CB2112DE-B2ED-4182-9BDC-3D442FF41D80}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{CE176AF2-57F0-4BD5-A9D2-9B5C611637AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CEB0A350-DAE0-44D6-AB4B-7E5E7B7C82A4}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{D4587E3C-D791-4178-95B5-972734FF04A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{D6C35CCD-83C8-4E9E-90B2-D449587365BF}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{DBBC4C3C-A053-4473-890F-E23E6D166AB6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EA8321CF-DC9A-43A7-BC48-68A536433B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{ED4760AE-90E4-4494-A764-CD9B9FADDC6F}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{F3513547-D4F9-4FEF-8EB9-335337B35CDF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F74A392B-6122-4C62-B02B-89A7A65265DD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"TCP Query User{821A4437-9E3C-4679-8E22-4450EA2B2510}C:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe |
"UDP Query User{8F03911D-35F5-4F5D-9AA3-84CE636361B7}C:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40F95BFE-36CF-481F-B7D9-8D8F2F3369F9}" = TSDoctor
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DC0FCEDB-11AE-4D88-8633-537292C3E705}" = Commandos 3 - Destination Berlin
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"BH - RT" = BH - RT
"Company of Heroes" = Company of Heroes
"ContentMod_2.6" = ContentMod2.6
"D-Fend Reloaded" = D-Fend Reloaded 1.3.2 (deinstallieren)
"Diablo II" = Diablo II
"ESET Online Scanner" = ESET Online Scanner v3
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2
"G3QP231012008_is1" = Questpaket 4 Update 2 Deinstallation
"Green Devils" = Green Devils
"HaaliMkx" = Haali Media Splitter
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PokerStars" = PokerStars
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"Steam App 40390" = Risen 2 - Dark Waters
"WinLiveSuite" = Windows Live Essentials
"ZMBV" = Zip Motion Block Video codec (Remove Only)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.10.2012 16:11:51 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DslMgrSvc.exe, Version: 6.91.8434.1,
Zeitstempel: 0x4900aa18 Name des fehlerhaften Moduls: DslMgrSvc.exe, Version: 6.91.8434.1,
Zeitstempel: 0x4900aa18 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c41a ID des fehlerhaften
Prozesses: 0xe00 Startzeit der fehlerhaften Anwendung: 0x01cda17efdeaeb5e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe Pfad des
fehlerhaften Moduls: C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe Berichtskennung:
91583613-0d96-11e2-ba70-5404a67f4cb8
Error - 03.10.2012 18:35:11 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0046cede ID des fehlerhaften
Prozesses: 0x13f8 Startzeit der fehlerhaften Anwendung: 0x01cda187f78028c4 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
97471daa-0daa-11e2-ba70-5404a67f4cb8
Error - 03.10.2012 21:12:55 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000030 ID des fehlerhaften
Prozesses: 0x9dc Startzeit der fehlerhaften Anwendung: 0x01cda1b785596f8c Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: a042cebc-0dc0-11e2-ba70-5404a67f4cb8
Error - 03.10.2012 21:34:43 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xcb0 Startzeit der fehlerhaften Anwendung: 0x01cda1cd90850aa4 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: abe3a05a-0dc3-11e2-ba70-5404a67f4cb8
Error - 05.10.2012 06:07:24 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000d7bb4 ID des fehlerhaften
Prozesses: 0x2c8 Startzeit der fehlerhaften Anwendung: 0x01cda2aa509d3828 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
74d16d43-0ed4-11e2-8ae0-5404a67f4cb8
Error - 05.10.2012 16:26:02 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00199b9e ID des fehlerhaften
Prozesses: 0x118c Startzeit der fehlerhaften Anwendung: 0x01cda315a0c9b95f Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
e103dfaf-0f2a-11e2-9598-5404a67f4cb8
Error - 05.10.2012 16:30:44 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000d7bb4 ID des fehlerhaften
Prozesses: 0xb84 Startzeit der fehlerhaften Anwendung: 0x01cda337be006c43 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
890f02c7-0f2b-11e2-9598-5404a67f4cb8
Error - 07.10.2012 13:43:44 | Computer Name = Michael-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9
Error - 07.10.2012 14:26:40 | Computer Name = Michael-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9
Error - 07.10.2012 14:45:16 | Computer Name = Michael-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9
[ System Events ]
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Multimediaklassenplaner" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
Millisekunden durchgeführt: Neustart des Diensts.
Error - 26.05.2013 16:28:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 26.05.2013 16:29:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts)
durchzuführen, ist fehlgeschlagen. Fehler: %%1056
Error - 26.05.2013 16:29:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056
< End of report > Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-26 23:27:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SM rev.1AJ10206 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uwliifow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f01465 2 bytes [F0, 74]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f014bb 2 bytes [F0, 74]
.text ... * 2
.text C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f01465 2 bytes [F0, 74]
.text C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f014bb 2 bytes [F0, 74]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f01465 2 bytes [F0, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f014bb 2 bytes [F0, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f01465 2 bytes [F0, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f014bb 2 bytes [F0, 74]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f01465 2 bytes [F0, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f014bb 2 bytes [F0, 74]
.text ... * 2
---- EOF - GMER 2.1 ---- Hab jetzt noch mal in der Quarantäne von Malewarebyts nachgeschaut dort sind folgende Funde gelistet, wurden noch nicht gelöscht:
Exploit Drop GS
Trojan Agent.gen
Rundll32.exe
Trojan Fake.Ms
Trojan Agent.gen
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run/ctfmon.exe
Logfile von Eset ist leider nicht mehr vorhanden
Danke für die Hilfe
Muss ich die Funde aus der Quarantäne löschen?
MFG Meister G |