Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Guv und E-Mail Delivery Problem

Guv und E-Mail Delivery Problem


Plagegeister aller Art und deren Bekämpfung: Guv und E-Mail Delivery Problem

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 26.05.2013, 22:45   #1
Meister G.
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem


Hallo hatte vor einiger Zeit den BKA Trojaner auf meinem Pc hab es soweit geschafft das er bis jetzt nicht mehr aufgetaucht ist. Seit gestern wird mein E-Mail Postfach mit hunderten Mails die ihren Absender nicht erreichen können zugemüllt. Habe einige Funde mit Eset und Malwarebyts. Hätte gerne Hilfe bei der Überprüfung und Bereinigung.
Danke

Code:
ATTFilter
OTL logfile created on: 26.05.2013 23:02:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,38 Gb Available Physical Memory | 79,94% Memory free
15,96 Gb Paging File | 14,12 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 690,75 Gb Free Space | 74,16% Space Free | Partition Type: NTFS
Drive D: | 6,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.26 23:01:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.07 17:42:40 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.23 07:25:12 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.23 07:24:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.07 22:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2012.11.26 16:09:20 | 000,573,024 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.22 13:20:22 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 13:20:18 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.17 07:05:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.17 07:04:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.03.07 22:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013.03.07 22:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013.03.07 22:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013.01.10 09:35:48 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 09:35:37 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 09:35:34 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 09:35:31 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.16 07:11:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.23 07:25:12 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.23 07:24:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.22 13:20:22 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 13:20:18 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.04 03:37:13 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013.04.23 07:25:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.23 07:25:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.23 07:25:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.04.06 23:43:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.04.06 23:43:38 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 14:52:00 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 14:52:00 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.07.29 04:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 37 51 61 D2 97 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE456
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.10.09 18:04:27 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28E644A4-B088-4A69-8BBC-E031A6DFF6B8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.11 00:46:44 | 000,564,218 | R--- | M] () - D:\Autorun.dbd -- [ UDF ]
O32 - AutoRun File - [2007.08.31 20:16:25 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.09.06 08:18:49 | 000,004,039 | R--- | M] () - D:\Autorun.txt -- [ UDF ]
O33 - MountPoints2\{e2877e80-03c0-11e1-92d7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e2877e80-03c0-11e1-92d7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe -- [2007.09.14 07:34:33 | 000,132,416 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.26 23:01:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2013.05.26 22:51:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{44F915F1-BE97-403D-95A9-FAA2BE8DAF7E}
[2013.05.25 23:20:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{02CF1C4B-55AC-4FE2-944A-035500DF9D72}
[2013.05.25 00:10:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{22717D86-FCB1-4D72-8CDA-FF6BDB65AB17}
[2013.05.24 08:19:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{7188C3E8-5ADF-462E-A9F0-DA340544B362}
[2013.05.23 22:07:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{CE429DE4-6BF6-4CBE-9EA7-085DA973E6DC}
[2013.05.22 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{B966BF51-FCAB-4AC6-85AE-928D82ECE6CE}
[2013.05.21 19:21:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{60257324-7915-42A4-959F-7261D8B4849A}
[2013.05.21 17:14:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{6DFEC746-BD6B-4116-8700-61D32860B826}
[2013.05.21 04:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.20 21:32:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5987C990-A22B-47BD-9724-08D255AD2296}
[2013.05.20 18:13:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5C747B03-84B9-4516-A7F4-A0739DD923DE}
[2013.05.20 04:15:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{FC276344-0302-4744-AF02-009F3FAE1937}
[2013.05.19 16:49:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{BFFE6FD9-FEA6-45A4-90AE-270E09580AD9}
[2013.05.17 21:05:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F6CB7BB1-69FA-4340-8CAF-983C8A989F52}
[2013.05.17 07:06:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{422930D0-B636-46CA-9F88-333297AEC370}
[2013.05.16 07:07:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F3AF719B-C85F-4C1B-B746-1B21BA0A2ED6}
[2013.05.14 08:08:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5C818CAB-B0C0-4B6A-A7C8-95B22838E9DE}
[2013.05.13 07:13:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{7B9AACB9-BE60-4B86-9A98-1F5A39646E21}
[2013.05.12 18:16:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{81B73316-4FD5-41F2-BBE1-B6F607253A89}
[2013.05.12 18:07:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{6D9ABE48-BBC1-4B8F-B26B-0A15ECF43B85}
[2013.05.11 22:19:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{45D4BFA1-148D-49FF-9D81-4C9D2D9C5697}
[2013.05.11 22:18:05 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013.05.10 22:46:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{EE8D926D-EA9C-4ED5-AD88-C33C0945909A}
[2013.05.10 20:27:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F47B6CB7-89F1-4437-8441-3F5A8DBEDF8C}
[2013.05.08 21:01:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F80D56F2-BF46-42C0-9743-AFD02CBB2BB3}
[2013.05.07 17:43:35 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.07 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{578C940A-0C27-4290-88FE-61434C0D9F34}
[2013.05.06 20:53:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{DA7ABC83-A740-4B13-B781-4F26CF971AD1}
[2013.05.05 14:09:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{05F8722C-D1BE-4822-85EC-74B0F5BEC24F}
[2013.05.04 13:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.05.04 03:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.03 17:28:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{12BE1E96-2F0A-407F-AEA6-934E91B72746}
[2013.05.03 02:25:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\BugReport1
[2013.05.02 21:26:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{B6F57F5A-C6BC-4A86-8A98-2B316FB080F7}
[2013.05.01 22:32:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{B655216E-7FED-441F-83EE-E074F7589B80}
[2013.05.01 03:36:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{E64DA07A-EA51-48B6-9E91-3584310479E1}
[2013.04.30 00:16:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{D0C41B48-31B3-4AC0-96AD-2A8A18A0A5F9}
[2013.04.28 17:16:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{0A6B2A2E-94F2-4FD6-97AE-25F05289699D}
[2013.04.28 01:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2013.04.27 18:03:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{FEF1AC6F-13CE-4A7C-BF84-E44E344276DA}
[2013.04.27 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{310F2E09-EE1B-49D1-A3BB-F1019F29C619}
[2013.04.27 14:00:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{76D60E98-7EC0-451C-8A0D-EB27CA991BD0}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.26 23:01:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2013.05.26 23:00:26 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2013.05.26 22:34:12 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 22:34:12 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 22:31:51 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.26 22:31:51 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 22:31:51 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.26 22:31:51 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 22:31:51 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.26 22:28:09 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.26 22:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.26 22:25:36 | 2132,733,951 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 10:13:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3315472771-574270051-2816021824-1000UA.job
[2013.05.26 10:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.26 10:07:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.21 19:13:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3315472771-574270051-2816021824-1000Core.job
[2013.05.21 04:02:39 | 000,000,748 | ---- | M] () -- C:\Users\Michael\Desktop\Internet Security 2013.lnk
[2013.05.17 07:02:51 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.07 17:43:26 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.05 14:32:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\of0dzj.pad
[2013.05.04 03:37:13 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.04 03:36:02 | 000,000,660 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013.05.04 02:34:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\otolfot.pad
[2013.05.04 01:14:59 | 000,000,153 | ---- | M] () -- C:\ProgramData\otolfot.reg
[2013.04.27 08:45:05 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.26 23:00:26 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2013.05.21 04:02:39 | 000,000,748 | ---- | C] () -- C:\Users\Michael\Desktop\Internet Security 2013.lnk
[2013.05.05 14:31:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\of0dzj.pad
[2013.05.04 03:37:13 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.04 03:36:02 | 000,000,660 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013.05.04 01:14:59 | 000,000,153 | ---- | C] () -- C:\ProgramData\otolfot.reg
[2013.05.04 01:14:55 | 095,023,320 | ---- | C] () -- C:\ProgramData\otolfot.pad
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.05 09:55:21 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin
[2012.03.05 09:55:13 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.11 18:13:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.10.31 16:20:59 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.31 15:20:55 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2011.10.31 15:20:54 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2011.10.31 15:20:54 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2011.10.28 12:08:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.09 07:29:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2013.02.09 07:01:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.29 23:11:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Might & Magic Heroes VI
[2012.10.09 18:04:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenCandy
[2013.03.19 04:20:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SoftGrid Client
[2011.10.31 16:22:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TP
[2012.01.17 01:02:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >


Code:
ATTFilter
OTL Extras logfile created on: 26.05.2013 23:02:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,38 Gb Available Physical Memory | 79,94% Memory free
15,96 Gb Paging File | 14,12 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 690,75 Gb Free Space | 74,16% Space Free | Partition Type: NTFS
Drive D: | 6,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCA3834-A8CE-4356-91D4-FD165D55D3A5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1634136F-61C7-42F5-8CA8-3829FAAA15F1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{18E71BE3-0257-45F8-99FC-576F4594CFE9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2AC7F5F2-2179-4754-A80B-9ACDBE8E5414}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{36001E02-9511-4148-A1CB-5BFBDEC106D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4093E066-F5BA-4265-97B9-E71852A0CD7F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4B92CC98-33BE-4676-B464-4C637956F827}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A12E3E2D-C14B-4101-BD9D-25A1F4F979C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A802133D-F076-48F8-9E71-A1787244B02E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AB8C58D3-00D3-46E2-86F3-9D515B52EC19}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B000326E-D0A3-4089-99E6-C4AA7C5E7C74}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C407048E-1A02-469F-81DE-7C3750FEC3B8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ECE6714D-8CD4-4C5E-8424-9DF3E7223BED}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F5C48E3C-01FF-4899-8C9A-DFE3AAC76F98}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F31979-F3CE-4CF1-9AED-A03527B0F630}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{08254108-BE65-4E94-9E72-43595BB7513D}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{0A4357EF-F1FA-471E-A460-BD6A5724CBAC}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{0DB513B7-B296-478C-9E6A-575C0C79729E}" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe | 
"{1A124D59-C4E0-472C-8C61-F37AE5D8D911}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{237B0849-502D-457A-9B2A-2BD428BE7571}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{23F2B678-9E02-4CB0-A92A-A19F01399D72}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{2FB65FF3-1DA6-4381-946C-B77CAB1201BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{300B4EA3-0E19-4C0B-95F9-295394A4278F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{396A0929-5972-479A-A738-30F8B45C51A5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{424D14F0-2AD6-4448-B0B6-47C12F1F1A84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{43E61A1D-A9E3-49E3-A5D0-E3E524BA65EF}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{46A7495F-15B2-4FFB-A6BB-377ED1F79845}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{48A6A251-401E-40C2-BB1A-4CC73F334C73}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe | 
"{4A8BAA03-696F-4A92-8DC7-0273EA5C14D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{50B21174-A1D1-4F29-ADFF-1207BE8013B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{52A768A5-8DFC-4B3C-BA70-7AEF2D0D8D78}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"{5ECDD369-C613-4378-8EAF-E27F71C2D939}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{69A56E0F-04A6-44B0-B5BF-25FEF3127BB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{77E14D4E-403D-45C3-9B92-93F9CF2BF1A1}" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe | 
"{80D64F81-49EB-4841-A8C0-11451EC85E09}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{86CB2C5D-CE1C-4662-ADEB-324CD1398A37}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe | 
"{89BFDADA-B784-44A6-913A-3219791E6515}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe | 
"{90616361-8883-4F98-A042-F10F71ED71B4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"{9C56BA08-EFCD-442B-8BFB-E143BF062644}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{A0D2D4B2-0561-4127-ABE4-2ED2D598596B}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{A5BCDA97-0D7F-4641-AAC2-6971017BE14F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{A74C229C-6205-404B-93F7-45EB47BD859C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A80A50C9-FBCE-4EEF-BF7E-B95FC9227D70}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{BCF98A06-365E-4769-887D-2FFA9C0BEB84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{BD0ADC10-6247-418E-AE23-BCBAA0479FB5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CB2112DE-B2ED-4182-9BDC-3D442FF41D80}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"{CE176AF2-57F0-4BD5-A9D2-9B5C611637AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CEB0A350-DAE0-44D6-AB4B-7E5E7B7C82A4}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe | 
"{D4587E3C-D791-4178-95B5-972734FF04A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{D6C35CCD-83C8-4E9E-90B2-D449587365BF}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{DBBC4C3C-A053-4473-890F-E23E6D166AB6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EA8321CF-DC9A-43A7-BC48-68A536433B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{ED4760AE-90E4-4494-A764-CD9B9FADDC6F}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{F3513547-D4F9-4FEF-8EB9-335337B35CDF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F74A392B-6122-4C62-B02B-89A7A65265DD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"TCP Query User{821A4437-9E3C-4679-8E22-4450EA2B2510}C:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe | 
"UDP Query User{8F03911D-35F5-4F5D-9AA3-84CE636361B7}C:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40F95BFE-36CF-481F-B7D9-8D8F2F3369F9}" = TSDoctor
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DC0FCEDB-11AE-4D88-8633-537292C3E705}" = Commandos 3 - Destination Berlin
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"BH - RT" = BH - RT
"Company of Heroes" = Company of Heroes
"ContentMod_2.6" = ContentMod2.6
"D-Fend Reloaded" = D-Fend Reloaded 1.3.2 (deinstallieren)
"Diablo II" = Diablo II
"ESET Online Scanner" = ESET Online Scanner v3
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2
"G3QP231012008_is1" = Questpaket 4 Update 2 Deinstallation
"Green Devils" = Green Devils
"HaaliMkx" = Haali Media Splitter
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PokerStars" = PokerStars
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"Steam App 40390" = Risen 2 - Dark Waters
"WinLiveSuite" = Windows Live Essentials
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.10.2012 16:11:51 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DslMgrSvc.exe, Version: 6.91.8434.1,
 Zeitstempel: 0x4900aa18  Name des fehlerhaften Moduls: DslMgrSvc.exe, Version: 6.91.8434.1,
 Zeitstempel: 0x4900aa18  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c41a  ID des fehlerhaften
 Prozesses: 0xe00  Startzeit der fehlerhaften Anwendung: 0x01cda17efdeaeb5e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe  Berichtskennung:
 91583613-0d96-11e2-ba70-5404a67f4cb8
 
Error - 03.10.2012 18:35:11 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0046cede  ID des fehlerhaften
 Prozesses: 0x13f8  Startzeit der fehlerhaften Anwendung: 0x01cda187f78028c4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
 97471daa-0daa-11e2-ba70-5404a67f4cb8
 
Error - 03.10.2012 21:12:55 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000030  ID des fehlerhaften
 Prozesses: 0x9dc  Startzeit der fehlerhaften Anwendung: 0x01cda1b785596f8c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: a042cebc-0dc0-11e2-ba70-5404a67f4cb8
 
Error - 03.10.2012 21:34:43 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xcb0  Startzeit der fehlerhaften Anwendung: 0x01cda1cd90850aa4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: abe3a05a-0dc3-11e2-ba70-5404a67f4cb8
 
Error - 05.10.2012 06:07:24 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000d7bb4  ID des fehlerhaften
 Prozesses: 0x2c8  Startzeit der fehlerhaften Anwendung: 0x01cda2aa509d3828  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
 74d16d43-0ed4-11e2-8ae0-5404a67f4cb8
 
Error - 05.10.2012 16:26:02 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00199b9e  ID des fehlerhaften
 Prozesses: 0x118c  Startzeit der fehlerhaften Anwendung: 0x01cda315a0c9b95f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
 e103dfaf-0f2a-11e2-9598-5404a67f4cb8
 
Error - 05.10.2012 16:30:44 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000d7bb4  ID des fehlerhaften
 Prozesses: 0xb84  Startzeit der fehlerhaften Anwendung: 0x01cda337be006c43  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
 890f02c7-0f2b-11e2-9598-5404a67f4cb8
 
Error - 07.10.2012 13:43:44 | Computer Name = Michael-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 07.10.2012 14:26:40 | Computer Name = Michael-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 07.10.2012 14:45:16 | Computer Name = Michael-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
[ System Events ]
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Multimediaklassenplaner" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 26.05.2013 16:28:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, 
ist fehlgeschlagen. Fehler:   %%1056
 
Error - 26.05.2013 16:29:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts)
 durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 26.05.2013 16:29:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart 
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
 
< End of report >

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-26 23:27:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SM rev.1AJ10206 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uwliifow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000074f01465 2 bytes [F0, 74]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         0000000074f014bb 2 bytes [F0, 74]
.text  ...                                                                                                                                                    * 2
.text  C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000074f01465 2 bytes [F0, 74]
.text  C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000074f014bb 2 bytes [F0, 74]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000074f01465 2 bytes [F0, 74]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             0000000074f014bb 2 bytes [F0, 74]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074f01465 2 bytes [F0, 74]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074f014bb 2 bytes [F0, 74]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               0000000074f01465 2 bytes [F0, 74]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              0000000074f014bb 2 bytes [F0, 74]
.text  ...                                                                                                                                                    * 2

---- EOF - GMER 2.1 ----
Hab jetzt noch mal in der Quarantäne von Malewarebyts nachgeschaut dort sind folgende Funde gelistet, wurden noch nicht gelöscht:

Exploit Drop GS
Trojan Agent.gen
Rundll32.exe
Trojan Fake.Ms


Trojan Agent.gen
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run/ctfmon.exe

Logfile von Eset ist leider nicht mehr vorhanden

Danke für die Hilfe
Muss ich die Funde aus der Quarantäne löschen?

MFG Meister G
Geändert von Meister G. (26.05.2013 um 22:52 Uhr)

 

Themen zu Guv und E-Mail Delivery Problem
akamai, antivir, avira, benachrichtigungsdienst, dvdvideosoft ltd., e-mail, firefox, flash player, homepage, iexplore.exe, install.exe, js/agent.480412, logfile, microsoft office starter 2010, plug-in, problem, realtek, registry, secunia psi, security, svchost.exe, systemereignisse, tr/crypt.xpack.gen, tr/fake.rean.2121, tr/kazy.176162.2, tr/reveton.r.279, trojan.agent.gen, trojan.fakems, trojaner, windows


« gvu trojaner | Windows 8: Keine Startseite mehr, kein Desktop, keine Taskleiste. »


Ähnliche Themen: Guv und E-Mail Delivery Problem


  1. Bekomme massen E-Mail "This message was created automatically by mail delivery software."
    Plagegeister aller Art und deren Bekämpfung - 31.08.2015 (2)
  2. Mail Delivery System <mailer-daemon@kundenserver.de> mailrücklauf auf nicht gesendete mail
    Überwachung, Datenschutz und Spam - 26.03.2015 (4)
  3. Mail Delivery Service seit mehr als 1 Monat wie bekomme ich das Problem aus der Welt
    Log-Analyse und Auswertung - 02.06.2014 (9)
  4. E-Mail Programm blockiert - Mail delivery failed..
    Log-Analyse und Auswertung - 20.04.2014 (18)
  5. Mail Delivery System Mails... Mail-Konto gehackt?
    Plagegeister aller Art und deren Bekämpfung - 06.03.2014 (7)
  6. E-Mail-Problem bei WEB.DE (Mail delivery failed: returning message to sender - keineantwortadresse@web.de )
    Plagegeister aller Art und deren Bekämpfung - 12.10.2013 (11)
  7. Mail delivery failed, aber nur in Windows live mail
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (8)
  8. E-Mail Account gehakt? mail delivery-Nachrichten
    Antiviren-, Firewall- und andere Schutzprogramme - 14.06.2013 (17)
  9. Mail delivery failed
    Log-Analyse und Auswertung - 09.06.2013 (7)
  10. Mail delivery failed: returning message to sender, obwohl keine mail versendet
    Plagegeister aller Art und deren Bekämpfung - 15.05.2013 (0)
  11. Mail delivery failed Emails - vermutlich Maleware Problem
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (16)
  12. Mail delivery failed-SPAM Mails. E-Mail-Acc kompromittiert?
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (1)
  13. E-Mail "Mail Delivery System" hundertfach im Posteingang
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (13)
  14. Web.de (Mail delivery failed)
    Plagegeister aller Art und deren Bekämpfung - 07.12.2012 (16)
  15. Mail delivery system meldet unzustellbare E-Mail
    Überwachung, Datenschutz und Spam - 27.03.2012 (4)
  16. Heute schon über 30 "Mail Delivery System "Mail Delivery System" Mail bekommen
    Log-Analyse und Auswertung - 26.05.2008 (4)
  17. Mail Delivery Subsystem ???
    Plagegeister aller Art und deren Bekämpfung - 19.09.2003 (14)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Guv und E-Mail Delivery Problem - Hallo hatte vor einiger Zeit den BKA Trojaner auf meinem Pc hab es soweit geschafft das er bis jetzt nicht mehr aufgetaucht ist. Seit gestern wird mein E-Mail Postfach mit - Guv und E-Mail Delivery Problem...
Archiv
Du betrachtest: Guv und E-Mail Delivery Problem auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19