bump.exe , find.exe und verlangsamtest Internet
Hallo zusammen,
ich habe folgendes problem. Es fing vor ca. 2 tagen an, dass mir auffiel, dass mein internet mit einem mal sehr langsam wurde, worauf ich erstmal unseren router für einige minuten ausstellte, was für vielleicht 10 minuten abhilfe schuf.
Als es erneut schlimmer wurde, hab ich mal in den laufenden prozessen gestöbert und mir sind die bump.exe und die find.exe aufgefallen, die immer für ein paar augenblicke aktiv und dann wieder inaktiv sind.
Habe also erstmal gegooglet und gelesen, dass diese beiden scheinbar häufiger probleme verursachen, allerdings nichts in verbindung mit internetproblemen gefunden.
Habe dann malwarebytes drüberlaufen lassen (natürlich vorher aktualisiert), was auch einen trojaner gefunden und entfernt hat. Die beiden .exe dateien sind allerdings noch vorhanden.
Also wende ich mich nun an euch und hoffe, dass ihr mir helfen könnt.
Hier erstmal die OTL-logs:
OTL.txt:
OTL Logfile: Code:
OTL logfile created on: 07.02.2011 19:10:34 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\***\Desktop
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 80,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 54,58 Gb Free Space | 48,87% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 361,69 Gb Free Space | 77,66% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1509,67 Gb Free Space | 81,03% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
========== Modules (SafeList) ==========
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (DAUpdaterSvc) -- E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (hxctlflt) -- C:\Windows\SysNative\drivers\hxctlflt.sys (Guillemot Corporation)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 49 F8 6B AF 5A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://hardcoremetal.biz/news.html"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.06 19:01:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 08:29:22 | 000,000,000 | ---D | M]
[2010.09.23 04:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.02.07 16:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lvd8ztte.default\extensions
[2011.01.02 18:25:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lvd8ztte.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.31 17:17:58 | 000,002,122 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lvd8ztte.default\searchplugins\chip-online-suche.xml
[2010.04.08 16:04:14 | 000,004,097 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lvd8ztte.default\searchplugins\hms.xml
[2010.04.15 02:03:36 | 000,003,171 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lvd8ztte.default\searchplugins\kinoto.xml
[2009.09.07 21:15:22 | 000,001,203 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lvd8ztte.default\searchplugins\uespwiki-en.xml
[2009.04.29 19:35:16 | 000,000,945 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lvd8ztte.default\searchplugins\youtube-videosuche.xml
[2011.02.07 16:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.09.25 00:05:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.25 01:17:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.06 17:36:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.08 00:07:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.11.24 22:29:57 | 000,001,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O4:64bit: - HKLM..\Run: [CamserviceOG] C:\Program Files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.)
O4:64bit: - HKLM..\Run: [Chew7Hale] C:\Windows\SysNative\hale.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{549d4d72-1e76-11e0-8dbb-e0cb4eff9bca}\Shell - "" = AutoRun
O33 - MountPoints2\{549d4d72-1e76-11e0-8dbb-e0cb4eff9bca}\Shell\AutoRun\command - "" = H:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.02.07 18:45:30 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.01.26 21:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2011.01.26 21:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX300 series Benutzerregistrierung
[2011.01.26 21:41:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011.01.26 21:41:17 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2011.01.26 21:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX300 series
[2011.01.26 21:41:05 | 000,258,560 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM90.DLL
[2011.01.26 21:40:53 | 000,229,888 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNC300O.DLL
[2011.01.26 21:40:52 | 000,246,272 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC300L.DLL
[2011.01.26 21:40:52 | 000,092,672 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC300I.DLL
[2011.01.26 21:40:51 | 001,439,744 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC300C.DLL
[2011.01.26 21:40:41 | 000,143,360 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFMSc.EXE
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcUS.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcTW.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcTR.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcTH.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcSE.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcRU.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcPT.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcPL.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcNO.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcKR.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcIT.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcID.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcHU.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcGR.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcFR.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcFI.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcES.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcDK.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcDE.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcCZ.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcCN.DLL
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcAR.DLL
[2011.01.26 21:40:41 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLcJP.DLL
[2011.01.26 21:40:39 | 000,183,296 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCF2Lc.DLL
[2011.01.26 21:40:33 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011.01.26 21:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2011.01.25 21:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011.01.25 21:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.01.25 21:00:57 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011.01.21 19:21:01 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.01.15 16:19:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Dialsoft
[2011.01.15 16:19:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Die 4te Offenbarung 1.70
[2011.01.12 21:28:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western_Digital
[2011.01.12 21:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2011.01.12 21:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011.01.12 21:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2011.01.12 21:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011.01.12 21:17:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western Digital
[2011.01.11 23:43:40 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.01.11 23:43:40 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.01.11 23:43:40 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.01.11 23:43:40 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.01.11 23:43:40 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.01.11 23:43:39 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.01.11 23:43:39 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.01.11 23:43:39 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.01.11 23:43:39 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.01.11 23:43:39 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.01.11 23:43:39 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.01.11 23:43:38 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.01.11 23:43:38 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.01.11 23:43:38 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.01.11 23:43:38 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.01.11 23:43:38 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.01.11 23:43:38 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.01.11 23:43:38 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.01.11 23:43:38 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.01.11 23:43:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.01.11 23:43:38 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.01.11 23:43:37 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.11 23:43:37 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.01.11 23:43:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.01.11 23:43:37 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.01.11 23:43:37 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.01.11 23:43:37 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.01.11 23:43:19 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.11 23:43:19 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2010.05.05 18:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.02.07 19:11:21 | 383,910,027 | ---- | M] () -- C:\Windows\SysNative\cwlog.dtl
[2011.02.07 18:47:33 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.07 18:47:33 | 000,653,868 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.07 18:47:33 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.07 18:47:33 | 000,130,468 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.07 18:47:33 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.07 18:45:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.02.07 18:41:48 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
[2011.02.07 18:41:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.07 18:41:35 | 2139,660,287 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.07 18:41:05 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
[2011.02.07 18:41:05 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
[2011.02.07 18:41:05 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
[2011.02.07 18:40:59 | 000,010,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.07 18:40:59 | 000,010,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.30 03:42:19 | 000,000,646 | ---- | M] () -- C:\Users\***\Desktop\Super Meat Boy.lnk
[2011.01.28 23:38:53 | 000,000,625 | ---- | M] () -- C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk
[2011.01.25 21:01:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.01.25 21:01:10 | 001,523,568 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.16 15:00:13 | 000,271,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.01.15 16:22:05 | 000,000,665 | ---- | M] () -- C:\Users\***\Desktop\T4C.lnk
[2011.01.12 21:26:33 | 000,001,318 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.01.30 03:42:19 | 000,000,646 | ---- | C] () -- C:\Users\***\Desktop\Super Meat Boy.lnk
[2011.01.26 21:40:41 | 000,003,584 | ---- | C] () -- C:\Windows\SysNative\CNCFLcNL.DLL
[2011.01.25 21:01:24 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.01.15 16:22:05 | 000,000,665 | ---- | C] () -- C:\Users\***\Desktop\T4C.lnk
[2011.01.12 21:26:33 | 000,001,318 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011.01.06 21:53:48 | 000,000,273 | ---- | C] () -- C:\Windows\vtmb.ini
[2010.11.30 23:09:07 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.11.30 22:54:13 | 000,015,144 | ---- | C] () -- C:\Windows\SysWow64\HWLMSET2PS.dll
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.03 15:41:08 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.10.02 20:02:20 | 000,015,412 | ---- | C] () -- C:\Windows\SysWow64\BReWErS.dll
[2010.09.27 20:51:14 | 001,523,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.09.25 00:03:44 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.09.24 22:19:24 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.09.24 22:19:24 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.09.24 22:19:05 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2010.09.23 05:00:18 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.09.23 05:00:17 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.09.23 05:00:16 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.09.23 05:00:16 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.09.23 04:57:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.09.23 04:57:40 | 000,025,587 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.09.23 04:46:56 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010.05.05 19:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.05.05 19:37:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.05.05 18:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.06 12:47:08 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
========== LOP Check ==========
[2010.10.24 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2
[2010.11.19 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.12.15 01:17:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.09.27 20:52:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dragon Age Toolset
[2010.09.26 16:20:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2011.02.07 19:09:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.10.01 23:35:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.12.19 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local
[2010.09.25 00:07:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.12.19 18:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl
[2010.12.15 01:15:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM
[2010.10.24 20:29:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2010.09.24 23:34:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.11.07 20:34:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2011.01.31 17:01:07 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
--- --- ---
Extras.txt:
OTL Logfile: Code:
OTL Extras logfile created on: 07.02.2011 19:10:34 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\***\Desktop
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 80,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 54,58 Gb Free Space | 48,87% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 361,69 Gb Free Space | 77,66% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1509,67 Gb Free Space | 81,03% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6F482C75-174D-42EB-A2CF-B00A1F354F7B}" = WD SmartWare
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A837BCE6-BCB1-4A44-8807-A678EAF06933}" = ANNO 1404 Entwickler-Tools
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Deluxe Optical Glass
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"Canon MX300 series Benutzerregistrierung" = Canon MX300 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Die 4te Offenbarung 1.25g1.25g" = Die 4te Offenbarung 1.25g
"Die 4te Offenbarung 1.701.70" = Die 4te Offenbarung 1.70
"F.E.A.R.2 Project Origin v1.04 Update" = F.E.A.R.2 Project Origin v1.04 Update
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.12.6
"Fences" = Fences
"FLV Player" = FLV Player 2.0 (build 25)
"Free Download Manager_is1" = Free Download Manager 3.0
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.27091
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Risen - ModStarter_is1" = Risen - ModStarter 1.3.1.3 (Online Mods DB version)
"RouterControl" = RouterControl 2.0
"SFBM" = SoundFont-Bank-Manager
"TeamViewer 5" = TeamViewer 5
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"ZOTAC FireStorm" = ZOTAC FireStorm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dragon Age Awakening Redesigned" = Dragon Age Awakening Redesigned
"Dragon Age Redesigned © Morrigan" = Dragon Age Redesigned © Morrigan
"Dragon Age Redesigned- Leliana's Song" = Dragon Age Redesigned- Leliana's Song
"Dragon Age Redesigned©" = Dragon Age Redesigned©
"Dragon Age Redesigned© Leliana" = Dragon Age Redesigned© Leliana
"Dragon Age Redesigned© Wynne" = Dragon Age Redesigned© Wynne
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10.01.2011 14:34:06 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm t4c.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1028 Startzeit:
01cbb0e789855ab5 Endzeit: 18 Anwendungspfad: E:\Games\Die 4te Offenbarung 1.25g\t4c.exe
Berichts-ID:
Error - 13.01.2011 21:53:28 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.0.0.152, Zeitstempel:
0x4cb31516 Name des fehlerhaften Moduls: Skype.exe, Version: 5.0.0.152, Zeitstempel:
0x4cb31516 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00794600 ID des fehlerhaften Prozesses:
0x136c Startzeit der fehlerhaften Anwendung: 0x01cbb35b1886cff0 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\Skype\Phone\Skype.exe Berichtskennung: 142efb35-1f81-11e0-83a5-e0cb4eff9bca
Error - 15.01.2011 13:22:18 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm rmds.exe, Version 1.3.2.1 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1370 Startzeit:
01cbb4cf0e950d84 Endzeit: 1 Anwendungspfad: E:\Games\Risen\RisenMDS\rmds.exe Berichts-ID:
ff00bb6e-20cb-11e0-85f2-e0cb4eff9bca
Error - 15.01.2011 23:28:12 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Risen.exe, Version 1.0.28552.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ac4 Startzeit:
01cbb52cbd834a1e Endzeit: 132 Anwendungspfad: E:\Games\Risen\bin\Risen.exe Berichts-ID:
Error - 15.01.2011 23:40:49 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Risen.exe, Version 1.0.28552.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ce4 Startzeit:
01cbb52d6bfc5c52 Endzeit: 105 Anwendungspfad: E:\Games\Risen\bin\Risen.exe Berichts-ID:
Error - 16.01.2011 12:08:31 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Risen.exe, Version 1.0.28552.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7cc Startzeit:
01cbb58eec72bb4d Endzeit: 351 Anwendungspfad: E:\Games\Risen\bin\Risen.exe Berichts-ID:
Error - 16.01.2011 12:38:44 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Risen.exe, Version 1.0.28552.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 860 Startzeit:
01cbb597afc5d978 Endzeit: 113 Anwendungspfad: E:\Games\Risen\bin\Risen.exe Berichts-ID:
Error - 16.01.2011 13:38:16 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Risen.exe, Version 1.0.28552.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: aa8 Startzeit:
01cbb59f9b0b1a24 Endzeit: 107 Anwendungspfad: E:\Games\Risen\bin\Risen.exe Berichts-ID:
Error - 16.01.2011 16:17:32 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Risen.exe, Version 1.0.28552.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12a8 Startzeit:
01cbb5ac19097dee Endzeit: 95 Anwendungspfad: E:\Games\Risen\bin\Risen.exe Berichts-ID:
Error - 29.01.2011 22:16:54 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.8.2985,
Zeitstempel: 0x4c3b43ea Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdbdf Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000b727 ID des fehlerhaften
Prozesses: 0x1170 Startzeit der fehlerhaften Anwendung: 0x01cbc023c0b1ed1f Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe Pfad des fehlerhaften
Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 010d0fe6-2c17-11e0-a70f-e0cb4eff9bca
[ System Events ]
Error - 26.09.2010 21:09:16 | Computer Name = ***-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 26.09.2010 21:10:03 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?09.?2010 um 03:09:12 unerwartet heruntergefahren.
Error - 26.09.2010 21:12:10 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?09.?2010 um 03:10:59 unerwartet heruntergefahren.
Error - 30.09.2010 15:58:24 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?30.?09.?2010 um 21:55:55 unerwartet heruntergefahren.
Error - 30.09.2010 16:06:13 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?30.?09.?2010 um 22:05:21 unerwartet heruntergefahren.
Error - 02.10.2010 08:59:28 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?10.?2010 um 14:55:07 unerwartet heruntergefahren.
Error - 02.10.2010 09:27:23 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?10.?2010 um 15:26:25 unerwartet heruntergefahren.
Error - 03.10.2010 23:02:28 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?10.?2010 um 04:59:02 unerwartet heruntergefahren.
Error - 06.10.2010 17:10:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Group Policy Client konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.
Error - 10.10.2010 06:24:58 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?10.?2010 um 12:21:58 unerwartet heruntergefahren.
< End of report >
--- --- ---
Und hier das malwarebytes log, welches den trojaner entfernt hat: Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5702
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
07.02.2011 18:40:26
mbam-log-2011-02-07 (18-40-26).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|G:\|)
Durchsuchte Objekte: 354005
Laufzeit: 19 Minute(n), 10 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\program files (x86)\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
|
Ich hoffe doch sehr, dass ihr mir helfen könnt. Hoffe, ich hab soweit alles richtig gemacht.
Schonmal vielen dank im voraus.
Andras
Edit: Hab versucht, die verlinkungen von von malwarebytes und OTL rauszunehmen, wusste allerdings nicht, wie ich das bewerkstelligen sollte. Hoffe, das ist kein problem. |
