| |
| |||||||
Log-Analyse und Auswertung: Präventiver SicherheitscheckWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.03.2013, 21:55
| #1 |
 |  Präventiver Sicherheitscheck Hallo! Folgendes: Ich würde gerne demnächst an meinem Laptop einige Online-Käufe usw. machen, allerdings hatte ich in vergangenen Jahren schon mal Probleme mit Malware. Mittlerweile wurde der Laptop öfters neu aufgesetzt, allerdings seit längerer Zeit nun nicht mehr, und darum würde ich das Ding gerne einfach mal mit euch durchchecken, um zu schauen ob ich mit gutem Gewissen Kreditkarteninfos an meinem PC eintippen kann :) Hier die Logfiles von OTL und gmer:OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.03.2013 21:21:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Odion\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 75,64% Memory free 7,99 Gb Paging File | 7,02 Gb Available in Paging File | 87,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 288,32 Gb Total Space | 211,81 Gb Free Space | 73,46% Space Free | Partition Type: NTFS Computer Name: ODION-PC | User Name: Odion | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.11 21:20:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe PRC - [2009.03.12 17:15:58 | 001,552,497 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe ========== Modules (No Company Name) ========== MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.03.01 20:54:46 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Utility.dll MOD - [2009.01.12 15:11:40 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.04 11:16:08 | 000,678,416 | ---- | M] () [Auto | Running] -- C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.09.04 11:16:00 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.08.01 14:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.30 11:01:09 | 000,465,408 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tascusb2.sys -- (TASCAM_US122144) DRV:64bit: - [2009.07.30 11:01:09 | 000,043,520 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM) DRV:64bit: - [2009.07.30 11:01:09 | 000,025,600 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA DE 6C C4 78 20 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll CHR - Extension: YouTube = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Adblock Plus = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: ProxMate - unblock the Internet! = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.2.4_0\ CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\ CHR - Extension: Google Mail = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Program Files (x86)\PLFSetI.exe File not found O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129D832F-611B-4C09-AFF2-189DA02FBA23}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F836FCEB-46C2-45AE-8ACA-F6B3A018AC99}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.11 21:20:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe [2013.03.03 18:49:41 | 000,000,000 | ---D | C] -- C:\Users\Odion\AppData\Roaming\Sony Creative Software Inc [2013.02.15 02:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.12 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.12 14:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype ========== Files - Modified Within 30 Days ========== [2013.03.11 21:20:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe [2013.03.11 21:19:32 | 000,000,000 | ---- | M] () -- C:\Users\Odion\defogger_reenable [2013.03.11 21:18:07 | 000,050,477 | ---- | M] () -- C:\Users\Odion\Desktop\Defogger.exe [2013.03.11 21:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-704985652-1112965975-1733866788-1001UA.job [2013.03.11 18:51:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.11 17:28:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.11 17:28:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.11 17:23:34 | 3217,170,432 | -HS- | M] () -- C:\hiberfil.sys [2013.03.10 23:12:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-704985652-1112965975-1733866788-1001Core.job [2013.03.06 11:15:05 | 000,002,364 | ---- | M] () -- C:\Users\Odion\Desktop\Google Chrome.lnk [2013.03.04 16:35:30 | 1244,171,973 | ---- | M] () -- C:\Users\Odion\Desktop\Lulul.rar [2013.03.04 16:16:07 | 000,013,824 | ---- | M] () -- C:\Users\Odion\Documents\Okay.veg [2013.02.28 22:27:48 | 003,487,768 | ---- | M] () -- C:\Users\Odion\Desktop\JBB.mp3 [2013.02.25 18:47:52 | 000,015,096 | ---- | M] () -- C:\Users\Odion\Documents\HS.veg [2013.02.20 15:32:18 | 017,621,248 | ---- | M] () -- C:\Users\Odion\Desktop\Turkish Airline Song.wav [2013.02.17 18:45:31 | 122,393,698 | ---- | M] () -- C:\Users\Odion\Documents\niiice.mp4 [2013.02.14 12:18:28 | 000,313,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.14 02:48:15 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.14 02:48:15 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.14 02:48:15 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.14 02:48:15 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.14 02:48:15 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.14 02:45:42 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.12 14:24:18 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2013.03.11 21:19:32 | 000,000,000 | ---- | C] () -- C:\Users\Odion\defogger_reenable [2013.03.11 21:18:06 | 000,050,477 | ---- | C] () -- C:\Users\Odion\Desktop\Defogger.exe [2013.03.04 16:29:47 | 1244,171,973 | ---- | C] () -- C:\Users\Odion\Desktop\Lulul.rar [2013.03.04 16:16:07 | 000,013,824 | ---- | C] () -- C:\Users\Odion\Documents\Okay.veg [2013.02.28 22:10:28 | 003,487,768 | ---- | C] () -- C:\Users\Odion\Desktop\JBB.mp3 [2013.02.25 18:47:52 | 000,015,096 | ---- | C] () -- C:\Users\Odion\Documents\HS.veg [2013.02.20 15:32:16 | 017,621,248 | ---- | C] () -- C:\Users\Odion\Desktop\Turkish Airline Song.wav [2013.02.17 18:27:38 | 122,393,698 | ---- | C] () -- C:\Users\Odion\Documents\niiice.mp4 [2012.05.31 13:44:20 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.02 20:18:53 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\.minecraft [2012.07.01 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Aeria Games & Entertainment [2013.02.28 23:41:52 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Audacity [2012.12.11 20:38:50 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\DVDVideoSoft [2012.12.11 20:39:07 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.19 18:02:46 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\NetMedia Providers [2012.04.19 18:02:46 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Publish Providers [2012.04.21 16:33:53 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Sony [2013.03.03 18:49:41 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Sony Creative Software Inc ========== Purity Check ========== < End of report > ____OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.03.2013 21:21:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Odion\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 75,64% Memory free
7,99 Gb Paging File | 7,02 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,32 Gb Total Space | 211,81 Gb Free Space | 73,46% Space Free | Partition Type: NTFS
Computer Name: ODION-PC | User Name: Odion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D76EE9-A5E8-427F-9606-1CC52B99E852}" = rport=138 | protocol=17 | dir=out | app=system |
"{02B784D5-0C66-4CF7-9358-ED600A309735}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{088EFE32-B0C4-4C27-9905-C1B1A7DAB2DC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0DF1AAB6-4A83-4CFD-B93E-9E23AB20768D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10EE3223-6102-4F13-8C3E-5B33792FA9BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13E77085-AD60-42A9-9E3E-824A1A092A3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{14E98A35-DD06-4BCB-B987-3B373F947AB0}" = lport=139 | protocol=6 | dir=in | app=system |
"{194508BE-5954-4ED4-A1F7-22D5F5F4BD77}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{64C98732-A5B7-411C-937E-0CE9F49DFF99}" = rport=139 | protocol=6 | dir=out | app=system |
"{690C87EE-F09D-48EA-AF75-EEFF9E1E0453}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6EFE13F2-F3D9-4F51-A745-1CCAB1FA081A}" = lport=445 | protocol=6 | dir=in | app=system |
"{72F57342-66BA-405E-8ABA-A495C706D3C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74B5A420-E3A2-4F1B-ABE8-B4DFB4F49B13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79F37989-9B6B-482C-96CE-91EA26988B8F}" = lport=138 | protocol=17 | dir=in | app=system |
"{7D24AFBC-C7B4-42A0-98F6-170A744A4F12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82D5A951-1A34-4BDB-AB50-209FA7AB5607}" = lport=137 | protocol=17 | dir=in | app=system |
"{901EB14E-5DC2-4A61-9619-D419BF435A3C}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A13E267-9A89-433B-B0CA-2F8AC3241EC2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9FD52368-EC56-4ACF-9E21-17A087FCFA64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6D8C6B5-BA04-4A07-8E9D-7B23414A694A}" = rport=137 | protocol=17 | dir=out | app=system |
"{DB48DA1C-A2FD-43BA-940E-3535157FF6BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5D83B5C-FBB3-4D10-B2C2-B2E5EC90A746}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00589857-9A74-464E-B7D5-9958DB83CAFF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{060865CE-9EE7-4B30-8DF0-181AFB93F946}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{0DA4C8CC-DB2F-4440-8A16-9E6C6A7CE92A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{12BA1064-66CB-4F7C-800C-48E51E6B0561}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{1360506E-CE93-4F1E-8D75-FB927A1E832B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{16C555F0-6BF9-482C-9D89-92782E14A081}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{199453F8-0064-456F-8C3B-C5F5BAA27767}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{22BDBF0C-C34E-4D2D-A8CF-D366CBC5C3E6}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{264BA0E4-9A39-4612-8EE1-8FF0BDF2472D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31A31B02-3C60-4F08-A519-914BE58EAC8F}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{3C19A017-5D2E-4BEA-A253-30D060095618}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44B1A2BE-5FB9-4D27-95FB-AFD95234C763}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{45EBFF91-CF77-4BE2-A150-E75A3BAF7A99}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{4AAF8D5B-EFA5-4389-9121-E829917239A1}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{4AB8D6EC-1A67-4DD8-8C9E-373907D5FAC8}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{4ABB5E93-5FED-455E-AFDB-3D1B95843AF0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4FE19CC3-6105-4169-BFA7-D5799760410C}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{51FD3C44-5447-4CAE-8531-70897581FD20}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6133DA1D-E1D3-4992-8225-C9310CDA6F97}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6205FAB8-A38A-4654-9F7A-8D6A08A0EE40}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{64725DBC-B47C-430A-B8A3-02B91AD26648}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67D8651E-E4F5-44A0-861D-E52707AC197F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B32C291-122E-456C-B873-CAEFF952D057}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C0422CE-44B7-4F45-8374-DB06B8F03092}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7C1D4351-C786-4176-8FCA-FC53DCEE0615}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84F71C2B-15EA-48B2-BBAA-0186C7637534}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AB64104-98E8-4F17-9098-23B69950A474}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A44FA021-3C56-4710-A27B-92BBC2BC76D5}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{AEDAA44B-BA54-48A5-9E0E-98D55286F098}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B82775D7-42AD-4579-BD0B-89510266C4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{CA007730-0867-4642-9723-351310A58129}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{CB4EA792-52CA-4DC9-A642-B3B432BC35C3}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{CCD0F669-77AE-4FFB-AE29-60B44E62BE64}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{D44C4487-0634-44CC-9F09-503B77B84D65}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{DA8AACD1-9DCE-4153-8DD9-EE9A0A634DDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DAFCAEB4-F1C8-434D-8780-EBFBF7FD7EA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB9CBB95-7BA6-4DF3-AB12-A83471ECCA6E}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{F524B257-3039-4FE2-B433-9D3F038B2B27}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{FB8B6D3B-1E06-4C90-A470-A32C1CB25E02}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FF893876-6E01-4E45-A8B8-0DB16B4FE711}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"TCP Query User{3BB936CC-4A4A-476E-9C7E-0697088FE059}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
"TCP Query User{55F6D8FE-00AB-40AA-86A4-5EC1E1C2A14B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{5EECA2A0-F33A-4C9B-9560-FF16F2BEF846}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{BD306950-B0CD-44CD-8223-B5C1B123FCC3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{EAB878AC-22BC-4DF5-9BED-827E23442A6D}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F18733E5-9A22-4A5A-898A-F33D9385B723}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{1695D144-8033-4007-80ED-BBBE520B768E}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{62360048-92D5-43E0-89F1-2523B74E5719}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{6A250440-BB5E-4143-9D9D-E87A59222EA7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{6EDCB93D-8F5D-4567-85C3-BD7F14ECE4B9}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{73FEB0E5-7888-4FA9-83EF-84581A907E9B}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E8FD18F7-C66F-4DBB-8F93-686BC5C58536}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0102A21-5ED9-11E1-958C-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D4761C4F-5ED9-11E1-9202-F04DA23A5C58}" = MSVCRT Redists
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.14.2
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.4.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1F24C5-03E3-4DAA-B935-E7C971003F0E}" = Aeria Ignite
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}" = ACID Pro 7.0
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.11.2111" = Aeria Ignite
"Audacity_is1" = Audacity 2.0
"EdenEternal-DE" = EdenEternal-DE
"Elsword_DE_is1" = Elsword_DE
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1201
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LostSagaEU" = Lost Saga EU
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.03.2013 14:29:20 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03.03.2013 14:29:20 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5148
Error - 03.03.2013 14:29:20 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5148
Error - 03.03.2013 14:29:21 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03.03.2013 14:29:21 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6240
Error - 03.03.2013 14:29:21 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6240
Error - 05.03.2013 09:53:44 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 05.03.2013 09:53:44 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3760
Error - 05.03.2013 09:53:44 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3760
Error - 06.03.2013 06:22:53 | Computer Name = Odion-PC | Source = .NET Runtime | ID = 1022
Description =
[ System Events ]
Error - 28.07.2012 20:56:56 | Computer Name = Odion-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.131.887.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8601.0 Fehlercode:
0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support".
Error - 31.07.2012 20:55:07 | Computer Name = Odion-PC | Source = DCOM | ID = 10010
Description =
Error - 01.08.2012 14:34:23 | Computer Name = Odion-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.131.1082.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.8601.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes
Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
oder zur Problembehandlung finden Sie unter "Hilfe und Support".
Error - 02.08.2012 13:53:07 | Computer Name = Odion-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?08.?2012 um 19:50:50 unerwartet heruntergefahren.
< End of report >
___ GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-11 21:43:43
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545032B9A300 rev.PB3OC60F 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Odion\AppData\Local\Temp\agloapog.sys
---- User code sections - GMER 2.1 ----
.text C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000744411a8 2 bytes [44, 74]
.text C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000744413a8 2 bytes [44, 74]
.text C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000074441422 2 bytes [44, 74]
.text C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000074441498 2 bytes [44, 74]
.text C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 00000000743e1b41 2 bytes [3E, 74]
.text C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 00000000743e1be8 2 bytes [3E, 74]
.text C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 00000000743e1c20 2 bytes [3E, 74]
.text C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 00000000743e1cd2 2 bytes [3E, 74]
.text C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 00000000743e1cf2 2 bytes [3E, 74]
---- EOF - GMER 2.1 ----
Geändert von Ooyo00 (11.03.2013 um 22:01 Uhr) Grund: Hab Smileys mal ausgestellt. |
|
12.03.2013, 17:56
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Präventiver Sicherheitscheck Hallo und
__________________ Zitat:
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________ |
|
12.03.2013, 18:34
| #3 |
| | Präventiver Sicherheitscheck Heyho!
__________________Nein, weder noch. Ich mach ziemlich viel Musik mit dem Laptop und hab ein paar "exotische" VST und Plug-Ins aus anno dazumal die ich nur auf XP zum funktionieren kriege. Und ich wollte mir nicht die Mühe machen XP erneut zu installieren. |
|
12.03.2013, 23:19
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Präventiver Sicherheitscheck Naja, ob es eine Ultimate hätte sein müssen sei mal dahingestellt Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.03.2013, 20:51
| #5 |
| | Präventiver Sicherheitscheck So hier die Logs! mbar Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.13.11
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Odion :: ODION-PC [administrator]
13.03.2013 20:25:15
mbar-log-2013-03-13 (20-25-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29260
Time elapsed: 10 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-13 20:30:00
-----------------------------
20:30:00.381 OS Version: Windows x64 6.1.7600
20:30:00.381 Number of processors: 2 586 0x170A
20:30:00.381 ComputerName: ODION-PC UserName: Odion
20:30:01.567 Initialize success
20:31:18.231 AVAST engine defs: 13031300
20:33:38.475 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:33:38.475 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC60F Size: 305245MB BusType: 11
20:33:38.491 Disk 0 MBR read successfully
20:33:38.491 Disk 0 MBR scan
20:33:38.506 Disk 0 Windows 7 default MBR code
20:33:38.506 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
20:33:38.537 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295243 MB offset 20482048
20:33:38.569 Disk 0 scanning C:\Windows\system32\drivers
20:33:46.571 Service scanning
20:34:12.656 Modules scanning
20:34:12.656 Disk 0 trace - called modules:
20:34:12.687 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:34:12.702 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c49060]
20:34:12.702 3 CLASSPNP.SYS[fffff8800192343f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046dd680]
20:34:13.919 AVAST engine scan C:\Windows
20:34:15.666 AVAST engine scan C:\Windows\system32
20:36:58.797 AVAST engine scan C:\Windows\system32\drivers
20:37:08.063 AVAST engine scan C:\Users\Odion
20:42:10.519 AVAST engine scan C:\ProgramData
20:42:40.455 Scan finished successfully
20:43:12.747 Disk 0 MBR has been saved successfully to "C:\Users\Odion\Desktop\MBR.dat"
20:43:12.747 The log file has been saved successfully to "C:\Users\Odion\Desktop\aswMBR.txt"
Code:
ATTFilter
20:45:24.0772 3536 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:45:24.0926 3536 ============================================================
20:45:24.0926 3536 Current date / time: 2013/03/13 20:45:24.0926
20:45:24.0927 3536 SystemInfo:
20:45:24.0927 3536
20:45:24.0927 3536 OS Version: 6.1.7600 ServicePack: 0.0
20:45:24.0927 3536 Product type: Workstation
20:45:24.0927 3536 ComputerName: ODION-PC
20:45:24.0927 3536 UserName: Odion
20:45:24.0927 3536 Windows directory: C:\Windows
20:45:24.0927 3536 System windows directory: C:\Windows
20:45:24.0927 3536 Running under WOW64
20:45:24.0927 3536 Processor architecture: Intel x64
20:45:24.0927 3536 Number of processors: 2
20:45:24.0927 3536 Page size: 0x1000
20:45:24.0927 3536 Boot type: Normal boot
20:45:24.0927 3536 ============================================================
20:45:25.0922 3536 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:45:25.0930 3536 ============================================================
20:45:25.0930 3536 \Device\Harddisk0\DR0:
20:45:25.0930 3536 MBR partitions:
20:45:25.0930 3536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x240A5800
20:45:25.0930 3536 ============================================================
20:45:25.0950 3536 C: <-> \Device\Harddisk0\DR0\Partition1
20:45:25.0950 3536 ============================================================
20:45:25.0950 3536 Initialize success
20:45:25.0950 3536 ============================================================
20:47:44.0767 3068 ============================================================
20:47:44.0767 3068 Scan started
20:47:44.0767 3068 Mode: Manual; SigCheck; TDLFS;
20:47:44.0767 3068 ============================================================
20:47:45.0607 3068 ================ Scan system memory ========================
20:47:45.0607 3068 System memory - ok
20:47:45.0608 3068 ================ Scan services =============================
20:47:45.0789 3068 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:47:45.0945 3068 1394ohci - ok
20:47:45.0974 3068 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
20:47:45.0998 3068 ACPI - ok
20:47:46.0030 3068 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
20:47:46.0103 3068 AcpiPmi - ok
20:47:46.0158 3068 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:47:46.0179 3068 adp94xx - ok
20:47:46.0218 3068 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:47:46.0236 3068 adpahci - ok
20:47:46.0262 3068 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:47:46.0279 3068 adpu320 - ok
20:47:46.0313 3068 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:47:46.0446 3068 AeLookupSvc - ok
20:47:46.0491 3068 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
20:47:46.0550 3068 AFD - ok
20:47:46.0593 3068 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
20:47:46.0607 3068 agp440 - ok
20:47:46.0639 3068 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:47:46.0707 3068 ALG - ok
20:47:46.0726 3068 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
20:47:46.0739 3068 aliide - ok
20:47:46.0765 3068 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
20:47:46.0777 3068 amdide - ok
20:47:46.0818 3068 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:47:46.0840 3068 AmdK8 - ok
20:47:46.0856 3068 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:47:46.0892 3068 AmdPPM - ok
20:47:46.0921 3068 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
20:47:46.0935 3068 amdsata - ok
20:47:46.0953 3068 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:47:46.0968 3068 amdsbs - ok
20:47:46.0988 3068 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
20:47:47.0001 3068 amdxata - ok
20:47:47.0041 3068 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
20:47:47.0112 3068 AppID - ok
20:47:47.0144 3068 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:47:47.0187 3068 AppIDSvc - ok
20:47:47.0217 3068 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
20:47:47.0247 3068 Appinfo - ok
20:47:47.0341 3068 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:47:47.0358 3068 Apple Mobile Device - ok
20:47:47.0390 3068 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
20:47:47.0429 3068 AppMgmt - ok
20:47:47.0480 3068 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:47:47.0498 3068 arc - ok
20:47:47.0513 3068 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:47:47.0531 3068 arcsas - ok
20:47:47.0565 3068 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:47:47.0618 3068 AsyncMac - ok
20:47:47.0630 3068 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
20:47:47.0642 3068 atapi - ok
20:47:47.0753 3068 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:47:47.0825 3068 AudioEndpointBuilder - ok
20:47:47.0874 3068 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:47:47.0929 3068 AudioSrv - ok
20:47:47.0955 3068 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:47:48.0032 3068 AxInstSV - ok
20:47:48.0071 3068 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:47:48.0119 3068 b06bdrv - ok
20:47:48.0148 3068 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:47:48.0178 3068 b57nd60a - ok
20:47:48.0226 3068 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:47:48.0256 3068 BDESVC - ok
20:47:48.0281 3068 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:47:48.0324 3068 Beep - ok
20:47:48.0366 3068 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
20:47:48.0441 3068 BFE - ok
20:47:48.0485 3068 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
20:47:48.0554 3068 BITS - ok
20:47:48.0592 3068 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:47:48.0609 3068 blbdrive - ok
20:47:48.0671 3068 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:47:48.0698 3068 Bonjour Service - ok
20:47:48.0742 3068 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:47:48.0783 3068 bowser - ok
20:47:48.0818 3068 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:47:48.0852 3068 BrFiltLo - ok
20:47:48.0867 3068 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:47:48.0898 3068 BrFiltUp - ok
20:47:48.0922 3068 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
20:47:48.0966 3068 Browser - ok
20:47:48.0985 3068 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:47:49.0026 3068 Brserid - ok
20:47:49.0037 3068 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:47:49.0068 3068 BrSerWdm - ok
20:47:49.0085 3068 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:47:49.0117 3068 BrUsbMdm - ok
20:47:49.0122 3068 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:47:49.0140 3068 BrUsbSer - ok
20:47:49.0146 3068 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:47:49.0163 3068 BTHMODEM - ok
20:47:49.0188 3068 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:47:49.0267 3068 bthserv - ok
20:47:49.0310 3068 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:47:49.0367 3068 cdfs - ok
20:47:49.0399 3068 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:47:49.0431 3068 cdrom - ok
20:47:49.0473 3068 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
20:47:49.0527 3068 CertPropSvc - ok
20:47:49.0550 3068 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:47:49.0566 3068 circlass - ok
20:47:49.0591 3068 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:47:49.0610 3068 CLFS - ok
20:47:49.0671 3068 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:47:49.0691 3068 clr_optimization_v2.0.50727_32 - ok
20:47:49.0733 3068 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:47:49.0748 3068 clr_optimization_v2.0.50727_64 - ok
20:47:49.0806 3068 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:47:49.0822 3068 clr_optimization_v4.0.30319_32 - ok
20:47:49.0857 3068 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:47:49.0872 3068 clr_optimization_v4.0.30319_64 - ok
20:47:49.0902 3068 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:47:49.0938 3068 CmBatt - ok
20:47:49.0966 3068 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
20:47:49.0981 3068 cmdide - ok
20:47:50.0014 3068 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
20:47:50.0062 3068 CNG - ok
20:47:50.0091 3068 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:47:50.0104 3068 Compbatt - ok
20:47:50.0124 3068 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:47:50.0150 3068 CompositeBus - ok
20:47:50.0169 3068 COMSysApp - ok
20:47:50.0192 3068 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:47:50.0204 3068 crcdisk - ok
20:47:50.0246 3068 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:47:50.0289 3068 CryptSvc - ok
20:47:50.0331 3068 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
20:47:50.0373 3068 CSC - ok
20:47:50.0418 3068 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
20:47:50.0447 3068 CscService - ok
20:47:50.0488 3068 [ A5D3D53178394CC7A8A26BB532575B59 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
20:47:50.0498 3068 dc3d - ok
20:47:50.0543 3068 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:47:50.0601 3068 DcomLaunch - ok
20:47:50.0629 3068 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:47:50.0687 3068 defragsvc - ok
20:47:50.0732 3068 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:47:50.0767 3068 DfsC - ok
20:47:50.0824 3068 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
20:47:50.0900 3068 Dhcp - ok
20:47:50.0930 3068 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:47:50.0994 3068 discache - ok
20:47:51.0058 3068 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:47:51.0077 3068 Disk - ok
20:47:51.0118 3068 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:47:51.0162 3068 Dnscache - ok
20:47:51.0202 3068 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
20:47:51.0258 3068 dot3svc - ok
20:47:51.0278 3068 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
20:47:51.0332 3068 DPS - ok
20:47:51.0365 3068 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:47:51.0438 3068 drmkaud - ok
20:47:51.0491 3068 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:47:51.0530 3068 DXGKrnl - ok
20:47:51.0561 3068 EagleX64 - ok
20:47:51.0592 3068 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:47:51.0636 3068 EapHost - ok
20:47:51.0734 3068 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:47:51.0859 3068 ebdrv - ok
20:47:51.0886 3068 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
20:47:51.0930 3068 EFS - ok
20:47:51.0993 3068 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:47:52.0048 3068 ehRecvr - ok
20:47:52.0069 3068 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:47:52.0098 3068 ehSched - ok
20:47:52.0138 3068 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:47:52.0160 3068 elxstor - ok
20:47:52.0181 3068 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
20:47:52.0207 3068 ErrDev - ok
20:47:52.0277 3068 [ ABC24F129C616E5DEE5CE58683606C84 ] ESLWireAC C:\Windows\system32\drivers\ESLWireACD.sys
20:47:52.0303 3068 ESLWireAC - ok
20:47:52.0389 3068 [ 4FC6545A22D348E1B6DA15A27748B7FE ] EslWireHelper C:\Program Files\EslWire\service\WireHelperSvc.exe
20:47:52.0420 3068 EslWireHelper - ok
20:47:52.0463 3068 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:47:52.0523 3068 EventSystem - ok
20:47:52.0547 3068 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:47:52.0595 3068 exfat - ok
20:47:52.0622 3068 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:47:52.0673 3068 fastfat - ok
20:47:52.0717 3068 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
20:47:52.0783 3068 Fax - ok
20:47:52.0796 3068 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:47:52.0814 3068 fdc - ok
20:47:52.0846 3068 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:47:52.0895 3068 fdPHost - ok
20:47:52.0911 3068 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:47:52.0956 3068 FDResPub - ok
20:47:52.0991 3068 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:47:53.0004 3068 FileInfo - ok
20:47:53.0018 3068 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:47:53.0066 3068 Filetrace - ok
20:47:53.0089 3068 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:47:53.0102 3068 flpydisk - ok
20:47:53.0120 3068 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:47:53.0138 3068 FltMgr - ok
20:47:53.0190 3068 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
20:47:53.0244 3068 FontCache - ok
20:47:53.0286 3068 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:47:53.0302 3068 FontCache3.0.0.0 - ok
20:47:53.0327 3068 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:47:53.0340 3068 FsDepends - ok
20:47:53.0360 3068 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:47:53.0372 3068 Fs_Rec - ok
20:47:53.0421 3068 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:47:53.0448 3068 fvevol - ok
20:47:53.0476 3068 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:47:53.0493 3068 gagp30kx - ok
20:47:53.0522 3068 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:47:53.0532 3068 GEARAspiWDM - ok
20:47:53.0569 3068 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
20:47:53.0675 3068 gpsvc - ok
20:47:53.0797 3068 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
20:47:53.0814 3068 hamachi - ok
20:47:53.0838 3068 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:47:53.0900 3068 hcw85cir - ok
20:47:53.0936 3068 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:47:53.0957 3068 HdAudAddService - ok
20:47:53.0978 3068 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:47:54.0004 3068 HDAudBus - ok
20:47:54.0030 3068 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:47:54.0065 3068 HidBatt - ok
20:47:54.0095 3068 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:47:54.0122 3068 HidBth - ok
20:47:54.0138 3068 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:47:54.0170 3068 HidIr - ok
20:47:54.0200 3068 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:47:54.0266 3068 hidserv - ok
20:47:54.0306 3068 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:47:54.0340 3068 HidUsb - ok
20:47:54.0375 3068 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:47:54.0421 3068 hkmsvc - ok
20:47:54.0445 3068 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:47:54.0489 3068 HomeGroupListener - ok
20:47:54.0513 3068 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:47:54.0552 3068 HomeGroupProvider - ok
20:47:54.0604 3068 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
20:47:54.0617 3068 HpSAMD - ok
20:47:54.0659 3068 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:47:54.0723 3068 HTTP - ok
20:47:54.0751 3068 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:47:54.0764 3068 hwpolicy - ok
20:47:54.0777 3068 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:47:54.0791 3068 i8042prt - ok
20:47:54.0827 3068 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
20:47:54.0847 3068 iaStorV - ok
20:47:54.0910 3068 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:47:54.0945 3068 idsvc - ok
20:47:54.0977 3068 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:47:54.0990 3068 iirsp - ok
20:47:55.0034 3068 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
20:47:55.0103 3068 IKEEXT - ok
20:47:55.0132 3068 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
20:47:55.0144 3068 intelide - ok
20:47:55.0168 3068 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:47:55.0193 3068 intelppm - ok
20:47:55.0225 3068 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:47:55.0277 3068 IPBusEnum - ok
20:47:55.0295 3068 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:47:55.0333 3068 IpFilterDriver - ok
20:47:55.0356 3068 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:47:55.0412 3068 iphlpsvc - ok
20:47:55.0444 3068 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:47:55.0479 3068 IPMIDRV - ok
20:47:55.0501 3068 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:47:55.0572 3068 IPNAT - ok
20:47:55.0635 3068 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:47:55.0669 3068 iPod Service - ok
20:47:55.0712 3068 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:47:55.0738 3068 IRENUM - ok
20:47:55.0749 3068 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
20:47:55.0761 3068 isapnp - ok
20:47:55.0780 3068 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:47:55.0797 3068 iScsiPrt - ok
20:47:55.0839 3068 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
20:47:55.0867 3068 k57nd60a - ok
20:47:55.0895 3068 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:47:55.0908 3068 kbdclass - ok
20:47:55.0935 3068 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:47:55.0949 3068 kbdhid - ok
20:47:55.0964 3068 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
20:47:55.0978 3068 KeyIso - ok
20:47:56.0003 3068 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:47:56.0016 3068 KSecDD - ok
20:47:56.0041 3068 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:47:56.0056 3068 KSecPkg - ok
20:47:56.0076 3068 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:47:56.0126 3068 ksthunk - ok
20:47:56.0154 3068 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:47:56.0207 3068 KtmRm - ok
20:47:56.0254 3068 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:47:56.0313 3068 LanmanServer - ok
20:47:56.0339 3068 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:47:56.0389 3068 LanmanWorkstation - ok
20:47:56.0422 3068 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:47:56.0475 3068 lltdio - ok
20:47:56.0503 3068 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:47:56.0544 3068 lltdsvc - ok
20:47:56.0577 3068 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:47:56.0615 3068 lmhosts - ok
20:47:56.0651 3068 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:47:56.0665 3068 LSI_FC - ok
20:47:56.0680 3068 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:47:56.0693 3068 LSI_SAS - ok
20:47:56.0709 3068 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:47:56.0722 3068 LSI_SAS2 - ok
20:47:56.0745 3068 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:47:56.0759 3068 LSI_SCSI - ok
20:47:56.0790 3068 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:47:56.0828 3068 luafv - ok
20:47:56.0854 3068 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:47:56.0877 3068 Mcx2Svc - ok
20:47:56.0899 3068 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:47:56.0912 3068 megasas - ok
20:47:56.0934 3068 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:47:56.0952 3068 MegaSR - ok
20:47:56.0967 3068 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:47:57.0017 3068 MMCSS - ok
20:47:57.0035 3068 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:47:57.0081 3068 Modem - ok
20:47:57.0104 3068 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:47:57.0134 3068 monitor - ok
20:47:57.0165 3068 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:47:57.0178 3068 mouclass - ok
20:47:57.0205 3068 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:47:57.0234 3068 mouhid - ok
20:47:57.0253 3068 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:47:57.0266 3068 mountmgr - ok
20:47:57.0325 3068 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:47:57.0353 3068 MpFilter - ok
20:47:57.0375 3068 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
20:47:57.0390 3068 mpio - ok
20:47:57.0417 3068 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:47:57.0455 3068 mpsdrv - ok
20:47:57.0507 3068 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:47:57.0569 3068 MpsSvc - ok
20:47:57.0584 3068 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:47:57.0613 3068 MRxDAV - ok
20:47:57.0633 3068 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:47:57.0662 3068 mrxsmb - ok
20:47:57.0691 3068 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:47:57.0707 3068 mrxsmb10 - ok
20:47:57.0727 3068 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:47:57.0755 3068 mrxsmb20 - ok
20:47:57.0788 3068 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
20:47:57.0801 3068 msahci - ok
20:47:57.0817 3068 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
20:47:57.0832 3068 msdsm - ok
20:47:57.0848 3068 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:47:57.0879 3068 MSDTC - ok
20:47:57.0898 3068 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:47:57.0935 3068 Msfs - ok
20:47:57.0954 3068 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:47:58.0006 3068 mshidkmdf - ok
20:47:58.0022 3068 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
20:47:58.0035 3068 msisadrv - ok
20:47:58.0064 3068 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:47:58.0104 3068 MSiSCSI - ok
20:47:58.0108 3068 msiserver - ok
20:47:58.0136 3068 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:47:58.0182 3068 MSKSSRV - ok
20:47:58.0234 3068 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:47:58.0249 3068 MsMpSvc - ok
20:47:58.0273 3068 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:47:58.0310 3068 MSPCLOCK - ok
20:47:58.0314 3068 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:47:58.0356 3068 MSPQM - ok
20:47:58.0379 3068 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:47:58.0398 3068 MsRPC - ok
20:47:58.0418 3068 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:47:58.0431 3068 mssmbios - ok
20:47:58.0457 3068 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:47:58.0506 3068 MSTEE - ok
20:47:58.0522 3068 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:47:58.0548 3068 MTConfig - ok
20:47:58.0577 3068 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:47:58.0590 3068 Mup - ok
20:47:58.0618 3068 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
20:47:58.0677 3068 napagent - ok
20:47:58.0739 3068 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:47:58.0787 3068 NativeWifiP - ok
20:47:58.0829 3068 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
20:47:58.0860 3068 NDIS - ok
20:47:58.0891 3068 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:47:58.0933 3068 NdisCap - ok
20:47:58.0963 3068 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:47:59.0009 3068 NdisTapi - ok
20:47:59.0030 3068 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:47:59.0082 3068 Ndisuio - ok
20:47:59.0110 3068 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:47:59.0148 3068 NdisWan - ok
20:47:59.0164 3068 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:47:59.0220 3068 NDProxy - ok
20:47:59.0243 3068 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:47:59.0293 3068 NetBIOS - ok
20:47:59.0313 3068 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:47:59.0353 3068 NetBT - ok
20:47:59.0364 3068 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
20:47:59.0377 3068 Netlogon - ok
20:47:59.0418 3068 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:47:59.0470 3068 Netman - ok
20:47:59.0488 3068 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:47:59.0539 3068 netprofm - ok
20:47:59.0563 3068 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:47:59.0574 3068 NetTcpPortSharing - ok
20:47:59.0720 3068 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
20:47:59.0884 3068 netw5v64 - ok
20:47:59.0923 3068 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:47:59.0936 3068 nfrd960 - ok
20:48:00.0005 3068 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:48:00.0026 3068 NisDrv - ok
20:48:00.0051 3068 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:48:00.0073 3068 NisSrv - ok
20:48:00.0115 3068 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:48:00.0172 3068 NlaSvc - ok
20:48:00.0193 3068 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:48:00.0237 3068 Npfs - ok
20:48:00.0250 3068 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:48:00.0305 3068 nsi - ok
20:48:00.0321 3068 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:48:00.0369 3068 nsiproxy - ok
20:48:00.0439 3068 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:48:00.0487 3068 Ntfs - ok
20:48:00.0509 3068 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:48:00.0545 3068 Null - ok
20:48:00.0586 3068 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
20:48:00.0600 3068 NVHDA - ok
20:48:00.0885 3068 [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:48:01.0269 3068 nvlddmkm - ok
20:48:01.0359 3068 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
20:48:01.0384 3068 nvraid - ok
20:48:01.0406 3068 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
20:48:01.0421 3068 nvstor - ok
20:48:01.0489 3068 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:48:01.0535 3068 nvsvc - ok
20:48:01.0558 3068 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
20:48:01.0571 3068 nv_agp - ok
20:48:01.0629 3068 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:48:01.0657 3068 odserv - ok
20:48:01.0688 3068 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:48:01.0720 3068 ohci1394 - ok
20:48:01.0790 3068 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:48:01.0811 3068 ose - ok
20:48:01.0857 3068 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:48:01.0902 3068 p2pimsvc - ok
20:48:01.0932 3068 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:48:01.0960 3068 p2psvc - ok
20:48:01.0989 3068 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:48:02.0003 3068 Parport - ok
20:48:02.0024 3068 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:48:02.0038 3068 partmgr - ok
20:48:02.0071 3068 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:48:02.0105 3068 PcaSvc - ok
20:48:02.0118 3068 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
20:48:02.0134 3068 pci - ok
20:48:02.0154 3068 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
20:48:02.0167 3068 pciide - ok
20:48:02.0190 3068 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:48:02.0206 3068 pcmcia - ok
20:48:02.0219 3068 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:48:02.0233 3068 pcw - ok
20:48:02.0253 3068 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:48:02.0314 3068 PEAUTH - ok
20:48:02.0367 3068 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:48:02.0419 3068 PeerDistSvc - ok
20:48:02.0481 3068 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:48:02.0512 3068 PerfHost - ok
20:48:02.0570 3068 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
20:48:02.0636 3068 pla - ok
20:48:02.0670 3068 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:48:02.0724 3068 PlugPlay - ok
20:48:02.0747 3068 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:48:02.0776 3068 PNRPAutoReg - ok
20:48:02.0801 3068 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:48:02.0818 3068 PNRPsvc - ok
20:48:02.0858 3068 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
20:48:02.0874 3068 Point64 - ok
20:48:02.0911 3068 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:48:02.0966 3068 PolicyAgent - ok
20:48:03.0004 3068 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:48:03.0054 3068 Power - ok
20:48:03.0078 3068 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:48:03.0141 3068 PptpMiniport - ok
20:48:03.0151 3068 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:48:03.0178 3068 Processor - ok
20:48:03.0201 3068 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
20:48:03.0229 3068 ProfSvc - ok
20:48:03.0243 3068 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:48:03.0257 3068 ProtectedStorage - ok
20:48:03.0281 3068 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:48:03.0326 3068 Psched - ok
20:48:03.0386 3068 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:48:03.0435 3068 ql2300 - ok
20:48:03.0452 3068 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:48:03.0466 3068 ql40xx - ok
20:48:03.0501 3068 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:48:03.0547 3068 QWAVE - ok
20:48:03.0572 3068 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:48:03.0605 3068 QWAVEdrv - ok
20:48:03.0626 3068 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:48:03.0678 3068 RasAcd - ok
20:48:03.0709 3068 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:48:03.0773 3068 RasAgileVpn - ok
20:48:03.0799 3068 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:48:03.0838 3068 RasAuto - ok
20:48:03.0867 3068 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:48:03.0923 3068 Rasl2tp - ok
20:48:03.0950 3068 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
20:48:04.0015 3068 RasMan - ok
20:48:04.0036 3068 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:48:04.0074 3068 RasPppoe - ok
20:48:04.0090 3068 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:48:04.0135 3068 RasSstp - ok
20:48:04.0164 3068 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:48:04.0213 3068 rdbss - ok
20:48:04.0238 3068 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:48:04.0255 3068 rdpbus - ok
20:48:04.0266 3068 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:48:04.0303 3068 RDPCDD - ok
20:48:04.0324 3068 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:48:04.0370 3068 RDPDR - ok
20:48:04.0392 3068 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:48:04.0460 3068 RDPENCDD - ok
20:48:04.0475 3068 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:48:04.0512 3068 RDPREFMP - ok
20:48:04.0552 3068 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:48:04.0588 3068 RDPWD - ok
20:48:04.0607 3068 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:48:04.0623 3068 rdyboost - ok
20:48:04.0656 3068 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:48:04.0706 3068 RemoteAccess - ok
20:48:04.0742 3068 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:48:04.0814 3068 RemoteRegistry - ok
20:48:04.0825 3068 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:48:04.0881 3068 RpcEptMapper - ok
20:48:04.0901 3068 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:48:04.0929 3068 RpcLocator - ok
20:48:04.0955 3068 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
20:48:04.0999 3068 RpcSs - ok
20:48:05.0041 3068 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:48:05.0098 3068 rspndr - ok
20:48:05.0116 3068 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
20:48:05.0149 3068 s3cap - ok
20:48:05.0165 3068 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
20:48:05.0178 3068 SamSs - ok
20:48:05.0199 3068 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
20:48:05.0212 3068 sbp2port - ok
20:48:05.0236 3068 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:48:05.0291 3068 SCardSvr - ok
20:48:05.0327 3068 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:48:05.0393 3068 scfilter - ok
20:48:05.0447 3068 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
20:48:05.0489 3068 Schedule - ok
20:48:05.0507 3068 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:48:05.0545 3068 SCPolicySvc - ok
20:48:05.0576 3068 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:48:05.0616 3068 SDRSVC - ok
20:48:05.0658 3068 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:48:05.0712 3068 secdrv - ok
20:48:05.0742 3068 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
20:48:05.0810 3068 seclogon - ok
20:48:05.0834 3068 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:48:05.0894 3068 SENS - ok
20:48:05.0918 3068 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:48:05.0963 3068 SensrSvc - ok
20:48:05.0982 3068 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:48:05.0996 3068 Serenum - ok
20:48:06.0029 3068 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:48:06.0061 3068 Serial - ok
20:48:06.0066 3068 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:48:06.0103 3068 sermouse - ok
20:48:06.0143 3068 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
20:48:06.0183 3068 SessionEnv - ok
20:48:06.0188 3068 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
20:48:06.0218 3068 sffdisk - ok
20:48:06.0223 3068 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:48:06.0244 3068 sffp_mmc - ok
20:48:06.0264 3068 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
20:48:06.0279 3068 sffp_sd - ok
20:48:06.0296 3068 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:48:06.0326 3068 sfloppy - ok
20:48:06.0363 3068 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:48:06.0421 3068 SharedAccess - ok
20:48:06.0463 3068 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:48:06.0508 3068 ShellHWDetection - ok
20:48:06.0547 3068 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:48:06.0568 3068 SiSRaid2 - ok
20:48:06.0584 3068 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:48:06.0597 3068 SiSRaid4 - ok
20:48:06.0655 3068 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:48:06.0678 3068 SkypeUpdate - ok
20:48:06.0704 3068 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:48:06.0742 3068 Smb - ok
20:48:06.0774 3068 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:48:06.0804 3068 SNMPTRAP - ok
20:48:06.0836 3068 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:48:06.0849 3068 spldr - ok
20:48:06.0876 3068 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
20:48:06.0915 3068 Spooler - ok
20:48:07.0009 3068 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
20:48:07.0131 3068 sppsvc - ok
20:48:07.0152 3068 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:48:07.0192 3068 sppuinotify - ok
20:48:07.0231 3068 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:48:07.0287 3068 srv - ok
20:48:07.0321 3068 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:48:07.0339 3068 srv2 - ok
20:48:07.0351 3068 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:48:07.0376 3068 srvnet - ok
20:48:07.0413 3068 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:48:07.0454 3068 SSDPSRV - ok
20:48:07.0468 3068 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:48:07.0507 3068 SstpSvc - ok
20:48:07.0536 3068 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:48:07.0549 3068 stexstor - ok
20:48:07.0592 3068 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
20:48:07.0619 3068 stisvc - ok
20:48:07.0637 3068 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
20:48:07.0650 3068 storflt - ok
20:48:07.0681 3068 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
20:48:07.0693 3068 storvsc - ok
20:48:07.0706 3068 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:48:07.0719 3068 swenum - ok
20:48:07.0766 3068 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:48:07.0821 3068 swprv - ok
20:48:07.0867 3068 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
20:48:07.0925 3068 SysMain - ok
20:48:07.0954 3068 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:48:07.0980 3068 TabletInputService - ok
20:48:08.0006 3068 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
20:48:08.0061 3068 TapiSrv - ok
20:48:08.0098 3068 [ 17F8B44FE344EA264CB6C9877DB35298 ] TASCAM_US122144 C:\Windows\system32\Drivers\tascusb2.sys
20:48:08.0138 3068 TASCAM_US122144 - ok
20:48:08.0164 3068 [ 7D32EFE52F83411C29B572C241FA6C16 ] TASCAM_US144_MK2_MIDI C:\Windows\system32\drivers\tscusb2m.sys
20:48:08.0197 3068 TASCAM_US144_MK2_MIDI - ok
20:48:08.0234 3068 [ BB53351BD572213E48228B934C36CCF1 ] TASCAM_US144_MK2_WDM C:\Windows\system32\drivers\tscusb2a.sys
20:48:08.0279 3068 TASCAM_US144_MK2_WDM - ok
20:48:08.0313 3068 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:48:08.0359 3068 TBS - ok
20:48:08.0422 3068 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:48:08.0474 3068 Tcpip - ok
20:48:08.0544 3068 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:48:08.0590 3068 TCPIP6 - ok
20:48:08.0613 3068 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:48:08.0656 3068 tcpipreg - ok
20:48:08.0670 3068 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:48:08.0692 3068 TDPIPE - ok
20:48:08.0710 3068 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:48:08.0733 3068 TDTCP - ok
20:48:08.0759 3068 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:48:08.0808 3068 tdx - ok
20:48:08.0822 3068 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:48:08.0835 3068 TermDD - ok
20:48:08.0875 3068 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
20:48:08.0928 3068 TermService - ok
20:48:08.0939 3068 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:48:08.0971 3068 Themes - ok
20:48:08.0990 3068 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:48:09.0029 3068 THREADORDER - ok
20:48:09.0053 3068 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:48:09.0092 3068 TrkWks - ok
20:48:09.0123 3068 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:48:09.0139 3068 TrustedInstaller - ok
20:48:09.0166 3068 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:48:09.0217 3068 tssecsrv - ok
20:48:09.0243 3068 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:48:09.0294 3068 tunnel - ok
20:48:09.0310 3068 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:48:09.0323 3068 uagp35 - ok
20:48:09.0341 3068 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:48:09.0384 3068 udfs - ok
20:48:09.0400 3068 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:48:09.0415 3068 UI0Detect - ok
20:48:09.0444 3068 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
20:48:09.0457 3068 uliagpkx - ok
20:48:09.0489 3068 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:48:09.0511 3068 umbus - ok
20:48:09.0526 3068 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:48:09.0539 3068 UmPass - ok
20:48:09.0565 3068 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
20:48:09.0581 3068 UmRdpService - ok
20:48:09.0602 3068 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:48:09.0645 3068 upnphost - ok
20:48:09.0680 3068 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:48:09.0716 3068 USBAAPL64 - ok
20:48:09.0744 3068 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:48:09.0772 3068 usbccgp - ok
20:48:09.0796 3068 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
20:48:09.0824 3068 usbcir - ok
20:48:09.0843 3068 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:48:09.0856 3068 usbehci - ok
20:48:09.0897 3068 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:48:09.0926 3068 usbhub - ok
20:48:09.0958 3068 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:48:09.0986 3068 usbohci - ok
20:48:10.0026 3068 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:48:10.0059 3068 usbprint - ok
20:48:10.0098 3068 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:48:10.0137 3068 usbscan - ok
20:48:10.0159 3068 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:48:10.0206 3068 USBSTOR - ok
20:48:10.0235 3068 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:48:10.0259 3068 usbuhci - ok
20:48:10.0303 3068 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:48:10.0373 3068 usbvideo - ok
20:48:10.0403 3068 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:48:10.0442 3068 UxSms - ok
20:48:10.0454 3068 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
20:48:10.0468 3068 VaultSvc - ok
20:48:10.0488 3068 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
20:48:10.0500 3068 vdrvroot - ok
20:48:10.0538 3068 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
20:48:10.0572 3068 vds - ok
20:48:10.0588 3068 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:48:10.0604 3068 vga - ok
20:48:10.0616 3068 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:48:10.0663 3068 VgaSave - ok
20:48:10.0678 3068 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
20:48:10.0695 3068 vhdmp - ok
20:48:10.0730 3068 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
20:48:10.0743 3068 viaide - ok
20:48:10.0765 3068 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
20:48:10.0780 3068 vmbus - ok
20:48:10.0785 3068 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
20:48:10.0810 3068 VMBusHID - ok
20:48:10.0827 3068 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
20:48:10.0840 3068 volmgr - ok
20:48:10.0861 3068 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:48:10.0880 3068 volmgrx - ok
20:48:10.0906 3068 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:48:10.0923 3068 volsnap - ok
20:48:10.0955 3068 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:48:10.0970 3068 vsmraid - ok
20:48:11.0018 3068 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
20:48:11.0073 3068 VSS - ok
20:48:11.0097 3068 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:48:11.0124 3068 vwifibus - ok
20:48:11.0147 3068 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:48:11.0191 3068 W32Time - ok
20:48:11.0205 3068 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:48:11.0218 3068 WacomPen - ok
20:48:11.0246 3068 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:48:11.0296 3068 WANARP - ok
20:48:11.0301 3068 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:48:11.0339 3068 Wanarpv6 - ok
20:48:11.0409 3068 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
20:48:11.0483 3068 wbengine - ok
20:48:11.0519 3068 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:48:11.0540 3068 WbioSrvc - ok
20:48:11.0575 3068 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:48:11.0635 3068 wcncsvc - ok
20:48:11.0652 3068 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:48:11.0689 3068 WcsPlugInService - ok
20:48:11.0720 3068 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:48:11.0733 3068 Wd - ok
20:48:11.0775 3068 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:48:11.0811 3068 Wdf01000 - ok
20:48:11.0824 3068 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:48:11.0855 3068 WdiServiceHost - ok
20:48:11.0859 3068 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:48:11.0881 3068 WdiSystemHost - ok
20:48:11.0912 3068 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
20:48:11.0942 3068 WebClient - ok
20:48:11.0978 3068 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:48:12.0031 3068 Wecsvc - ok
20:48:12.0046 3068 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:48:12.0104 3068 wercplsupport - ok
20:48:12.0138 3068 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:48:12.0210 3068 WerSvc - ok
20:48:12.0241 3068 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:48:12.0277 3068 WfpLwf - ok
20:48:12.0298 3068 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:48:12.0311 3068 WIMMount - ok
20:48:12.0320 3068 WinDefend - ok
20:48:12.0331 3068 WinHttpAutoProxySvc - ok
20:48:12.0379 3068 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:48:12.0435 3068 Winmgmt - ok
20:48:12.0505 3068 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
20:48:12.0576 3068 WinRM - ok
20:48:12.0633 3068 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:48:12.0648 3068 WinUsb - ok
20:48:12.0688 3068 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:48:12.0736 3068 Wlansvc - ok
20:48:12.0779 3068 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:48:12.0813 3068 WmiAcpi - ok
20:48:12.0846 3068 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:48:12.0883 3068 wmiApSrv - ok
20:48:12.0905 3068 WMPNetworkSvc - ok
20:48:12.0936 3068 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:48:12.0964 3068 WPCSvc - ok
20:48:12.0986 3068 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:48:13.0013 3068 WPDBusEnum - ok
20:48:13.0039 3068 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:48:13.0098 3068 ws2ifsl - ok
20:48:13.0124 3068 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
20:48:13.0203 3068 wscsvc - ok
20:48:13.0210 3068 WSearch - ok
20:48:13.0281 3068 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:48:13.0342 3068 wuauserv - ok
20:48:13.0364 3068 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:48:13.0393 3068 WudfPf - ok
20:48:13.0435 3068 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:48:13.0471 3068 WUDFRd - ok
20:48:13.0505 3068 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:48:13.0529 3068 wudfsvc - ok
20:48:13.0559 3068 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:48:13.0595 3068 WwanSvc - ok
20:48:13.0686 3068 X6va001 - ok
20:48:13.0758 3068 X6va008 - ok
20:48:13.0784 3068 X6va009 - ok
20:48:13.0805 3068 X6va010 - ok
20:48:13.0824 3068 X6va011 - ok
20:48:13.0843 3068 ================ Scan global ===============================
20:48:13.0872 3068 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:48:13.0898 3068 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
20:48:13.0910 3068 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
20:48:13.0948 3068 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:48:13.0972 3068 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:48:13.0977 3068 [Global] - ok
20:48:13.0977 3068 ================ Scan MBR ==================================
20:48:13.0989 3068 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:48:14.0285 3068 \Device\Harddisk0\DR0 - ok
20:48:14.0286 3068 ================ Scan VBR ==================================
20:48:14.0290 3068 [ CEDD03B0CD180CC3B2470E9B58A12D6C ] \Device\Harddisk0\DR0\Partition1
20:48:14.0292 3068 \Device\Harddisk0\DR0\Partition1 - ok
20:48:14.0294 3068 ============================================================
20:48:14.0294 3068 Scan finished
20:48:14.0294 3068 ============================================================
20:48:14.0313 3056 Detected object count: 0
20:48:14.0313 3056 Actual detected object count: 0
20:48:37.0422 3540 Deinitialize success
|
|
13.03.2013, 21:06
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Präventiver Sicherheitscheck Unauffällig JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ --> Präventiver Sicherheitscheck |
|
13.03.2013, 22:20
| #7 |
| | Präventiver Sicherheitscheck JRT Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Ultimate x64
Ran by Odion on 13.03.2013 at 21:53:19,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Odion\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2013 at 22:00:52,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.114 - Datei am 13/03/2013 um 22:03:15 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate (64 bits)
# Benutzer : Odion - ODION-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Odion\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v25.0.1364.152
Datei : C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [698 octets] - [13/03/2013 22:03:15]
########## EOF - C:\AdwCleaner[S1].txt - [757 octets] ##########
[/CODE] OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.03.2013 22:09:01 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Odion\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 58,67% Memory free 7,99 Gb Paging File | 6,17 Gb Available in Paging File | 77,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 288,32 Gb Total Space | 211,86 Gb Free Space | 73,48% Space Free | Partition Type: NTFS Computer Name: ODION-PC | User Name: Odion | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Odion\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment) PRC - C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) ========== Modules (No Company Name) ========== MOD - C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll () MOD - C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\libglesv2.dll () MOD - C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\libegl.dll () MOD - C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\VideoWebCamera\Utility.dll () MOD - C:\Program Files (x86)\VideoWebCamera\Image.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (EslWireHelper) -- C:\Programme\EslWire\service\WireHelperSvc.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TASCAM_US122144) -- C:\Windows\SysNative\drivers\tascusb2.sys (TASCAM) DRV:64bit: - (TASCAM_US144_MK2_WDM) -- C:\Windows\SysNative\drivers\tscusb2a.sys (TASCAM) DRV:64bit: - (TASCAM_US144_MK2_MIDI) -- C:\Windows\SysNative\drivers\tscusb2m.sys (TASCAM) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA DE 6C C4 78 20 CD 01 [binary data] IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll CHR - Extension: YouTube = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Adblock Plus = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Google-Suche = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: ProxMate - unblock the Internet! = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.2.4_0\ CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\ CHR - Extension: Google Mail = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Program Files (x86)\PLFSetI.exe File not found O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-704985652-1112965975-1733866788-1001..\Run: [Akamai NetSession Interface] C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-704985652-1112965975-1733866788-1001..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\..Trusted Domains: aeriagames.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\..Trusted Domains: aeriagames.com ([]https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129D832F-611B-4C09-AFF2-189DA02FBA23}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F836FCEB-46C2-45AE-8ACA-F6B3A018AC99}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.13 21:53:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.13 21:51:44 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.13 21:50:44 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Odion\Desktop\JRT.exe [2013.03.13 20:44:28 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Odion\Desktop\tdsskiller.exe [2013.03.13 20:25:59 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Odion\Desktop\aswMBR.exe [2013.03.13 20:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.13 20:12:26 | 000,000,000 | ---D | C] -- C:\Users\Odion\Desktop\mbar [2013.03.13 01:19:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 01:19:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 01:19:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 01:19:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 01:19:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 01:19:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 01:19:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.13 01:19:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.13 01:19:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.13 01:19:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.13 01:19:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.13 01:19:00 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 01:18:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.13 01:18:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.13 01:18:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.11 21:20:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe [2013.03.03 18:49:41 | 000,000,000 | ---D | C] -- C:\Users\Odion\AppData\Roaming\Sony Creative Software Inc [2013.02.15 02:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.15 02:27:14 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.02.15 02:27:14 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.15 02:27:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.15 02:27:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.15 02:27:00 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.13 11:17:38 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 11:17:36 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 11:17:36 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 11:17:25 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.02.13 11:17:25 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.02.13 11:17:25 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.02.13 11:17:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 11:17:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.02.13 11:17:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.02.13 11:17:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 11:17:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 11:17:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 11:17:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.02.13 11:17:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 11:17:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.02.13 11:17:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 11:17:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 11:17:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.02.13 11:17:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.02.13 11:17:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.02.13 11:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 11:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 11:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 11:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 11:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 11:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.02.13 11:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 11:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 11:17:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 11:17:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 11:17:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 11:17:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 11:17:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 11:17:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.02.13 11:17:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 11:17:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 11:17:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 11:17:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 11:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.02.13 11:17:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 11:17:13 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.12 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.12 14:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype ========== Files - Modified Within 30 Days ========== [2013.03.13 22:12:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-704985652-1112965975-1733866788-1001UA.job [2013.03.13 22:10:17 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.13 22:10:17 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.13 22:05:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.13 22:04:57 | 3217,170,432 | -HS- | M] () -- C:\hiberfil.sys [2013.03.13 22:01:45 | 000,597,667 | ---- | M] () -- C:\Users\Odion\Desktop\adwcleaner.exe [2013.03.13 21:51:07 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Odion\Desktop\JRT.exe [2013.03.13 20:44:31 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Odion\Desktop\tdsskiller.exe [2013.03.13 20:43:12 | 000,000,512 | ---- | M] () -- C:\Users\Odion\Desktop\MBR.dat [2013.03.13 20:27:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Odion\Desktop\aswMBR.exe [2013.03.13 10:37:02 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.13 10:37:02 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.13 10:37:02 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.13 10:37:02 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.13 10:37:02 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.13 10:32:40 | 000,094,672 | ---- | M] () -- C:\Users\Odion\Desktop\We Are Turkish Airlines Ad Song.mp3.sfk [2013.03.13 10:32:36 | 002,072,558 | ---- | M] () -- C:\Users\Odion\Desktop\Turkish Airline Song.mp3 [2013.03.12 23:12:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-704985652-1112965975-1733866788-1001Core.job [2013.03.12 19:48:45 | 000,034,232 | ---- | M] () -- C:\Users\Odion\Desktop\neuewackmcgenerationprodbycalmmind (1).sfk [2013.03.12 19:48:19 | 004,373,160 | ---- | M] () -- C:\Users\Odion\Desktop\neuewackmcgenerationprodbycalmmind (1).wav [2013.03.11 21:47:22 | 460,295,448 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.11 21:34:27 | 000,377,856 | ---- | M] () -- C:\Users\Odion\Desktop\gmer_2.1.19155.exe [2013.03.11 21:20:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe [2013.03.11 21:19:32 | 000,000,000 | ---- | M] () -- C:\Users\Odion\defogger_reenable [2013.03.11 21:18:07 | 000,050,477 | ---- | M] () -- C:\Users\Odion\Desktop\Defogger.exe [2013.03.06 11:15:05 | 000,002,364 | ---- | M] () -- C:\Users\Odion\Desktop\Google Chrome.lnk [2013.03.04 16:35:30 | 1244,171,973 | ---- | M] () -- C:\Users\Odion\Desktop\Lulul.rar [2013.03.04 16:16:07 | 000,013,824 | ---- | M] () -- C:\Users\Odion\Documents\Okay.veg [2013.02.28 22:27:48 | 003,487,768 | ---- | M] () -- C:\Users\Odion\Desktop\JBB.mp3 [2013.02.25 18:47:52 | 000,015,096 | ---- | M] () -- C:\Users\Odion\Documents\HS.veg [2013.02.20 15:32:18 | 017,621,248 | ---- | M] () -- C:\Users\Odion\Desktop\Turkish Airline Song.wav [2013.02.17 18:45:31 | 122,393,698 | ---- | M] () -- C:\Users\Odion\Documents\niiice.mp4 [2013.02.15 02:26:43 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.15 02:26:35 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.15 02:26:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.15 02:26:34 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.15 02:26:33 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.02.15 02:26:33 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.02.14 12:18:28 | 000,313,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.14 02:45:42 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.12 14:24:18 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2013.03.13 22:01:43 | 000,597,667 | ---- | C] () -- C:\Users\Odion\Desktop\adwcleaner.exe [2013.03.13 20:43:12 | 000,000,512 | ---- | C] () -- C:\Users\Odion\Desktop\MBR.dat [2013.03.13 10:32:34 | 002,072,558 | ---- | C] () -- C:\Users\Odion\Desktop\Turkish Airline Song.mp3 [2013.03.13 10:32:02 | 000,094,672 | ---- | C] () -- C:\Users\Odion\Desktop\We Are Turkish Airlines Ad Song.mp3.sfk [2013.03.12 19:37:49 | 000,034,232 | ---- | C] () -- C:\Users\Odion\Desktop\neuewackmcgenerationprodbycalmmind (1).sfk [2013.03.12 19:37:37 | 004,373,160 | ---- | C] () -- C:\Users\Odion\Desktop\neuewackmcgenerationprodbycalmmind (1).wav [2013.03.11 21:34:26 | 000,377,856 | ---- | C] () -- C:\Users\Odion\Desktop\gmer_2.1.19155.exe [2013.03.11 21:19:32 | 000,000,000 | ---- | C] () -- C:\Users\Odion\defogger_reenable [2013.03.11 21:18:06 | 000,050,477 | ---- | C] () -- C:\Users\Odion\Desktop\Defogger.exe [2013.03.04 16:29:47 | 1244,171,973 | ---- | C] () -- C:\Users\Odion\Desktop\Lulul.rar [2013.03.04 16:16:07 | 000,013,824 | ---- | C] () -- C:\Users\Odion\Documents\Okay.veg [2013.02.28 22:10:28 | 003,487,768 | ---- | C] () -- C:\Users\Odion\Desktop\JBB.mp3 [2013.02.25 18:47:52 | 000,015,096 | ---- | C] () -- C:\Users\Odion\Documents\HS.veg [2013.02.20 15:32:16 | 017,621,248 | ---- | C] () -- C:\Users\Odion\Desktop\Turkish Airline Song.wav [2013.02.17 18:27:38 | 122,393,698 | ---- | C] () -- C:\Users\Odion\Documents\niiice.mp4 [2012.05.31 13:44:20 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > [/CODE] und das Extrafile OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.03.2013 22:09:01 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Odion\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 58,67% Memory free
7,99 Gb Paging File | 6,17 Gb Available in Paging File | 77,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,32 Gb Total Space | 211,86 Gb Free Space | 73,48% Space Free | Partition Type: NTFS
Computer Name: ODION-PC | User Name: Odion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D76EE9-A5E8-427F-9606-1CC52B99E852}" = rport=138 | protocol=17 | dir=out | app=system |
"{02B784D5-0C66-4CF7-9358-ED600A309735}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{088EFE32-B0C4-4C27-9905-C1B1A7DAB2DC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0DF1AAB6-4A83-4CFD-B93E-9E23AB20768D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10EE3223-6102-4F13-8C3E-5B33792FA9BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13E77085-AD60-42A9-9E3E-824A1A092A3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{14E98A35-DD06-4BCB-B987-3B373F947AB0}" = lport=139 | protocol=6 | dir=in | app=system |
"{194508BE-5954-4ED4-A1F7-22D5F5F4BD77}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{64C98732-A5B7-411C-937E-0CE9F49DFF99}" = rport=139 | protocol=6 | dir=out | app=system |
"{690C87EE-F09D-48EA-AF75-EEFF9E1E0453}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6EFE13F2-F3D9-4F51-A745-1CCAB1FA081A}" = lport=445 | protocol=6 | dir=in | app=system |
"{72F57342-66BA-405E-8ABA-A495C706D3C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74B5A420-E3A2-4F1B-ABE8-B4DFB4F49B13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79F37989-9B6B-482C-96CE-91EA26988B8F}" = lport=138 | protocol=17 | dir=in | app=system |
"{7D24AFBC-C7B4-42A0-98F6-170A744A4F12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82D5A951-1A34-4BDB-AB50-209FA7AB5607}" = lport=137 | protocol=17 | dir=in | app=system |
"{901EB14E-5DC2-4A61-9619-D419BF435A3C}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A13E267-9A89-433B-B0CA-2F8AC3241EC2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9FD52368-EC56-4ACF-9E21-17A087FCFA64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6D8C6B5-BA04-4A07-8E9D-7B23414A694A}" = rport=137 | protocol=17 | dir=out | app=system |
"{DB48DA1C-A2FD-43BA-940E-3535157FF6BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5D83B5C-FBB3-4D10-B2C2-B2E5EC90A746}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00589857-9A74-464E-B7D5-9958DB83CAFF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{060865CE-9EE7-4B30-8DF0-181AFB93F946}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{0DA4C8CC-DB2F-4440-8A16-9E6C6A7CE92A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{12BA1064-66CB-4F7C-800C-48E51E6B0561}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{1360506E-CE93-4F1E-8D75-FB927A1E832B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{16C555F0-6BF9-482C-9D89-92782E14A081}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{199453F8-0064-456F-8C3B-C5F5BAA27767}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{22BDBF0C-C34E-4D2D-A8CF-D366CBC5C3E6}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{264BA0E4-9A39-4612-8EE1-8FF0BDF2472D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31A31B02-3C60-4F08-A519-914BE58EAC8F}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{3C19A017-5D2E-4BEA-A253-30D060095618}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44B1A2BE-5FB9-4D27-95FB-AFD95234C763}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{45EBFF91-CF77-4BE2-A150-E75A3BAF7A99}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{4AAF8D5B-EFA5-4389-9121-E829917239A1}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{4AB8D6EC-1A67-4DD8-8C9E-373907D5FAC8}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{4ABB5E93-5FED-455E-AFDB-3D1B95843AF0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4FE19CC3-6105-4169-BFA7-D5799760410C}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{51FD3C44-5447-4CAE-8531-70897581FD20}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6133DA1D-E1D3-4992-8225-C9310CDA6F97}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6205FAB8-A38A-4654-9F7A-8D6A08A0EE40}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{64725DBC-B47C-430A-B8A3-02B91AD26648}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67D8651E-E4F5-44A0-861D-E52707AC197F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B32C291-122E-456C-B873-CAEFF952D057}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C0422CE-44B7-4F45-8374-DB06B8F03092}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7C1D4351-C786-4176-8FCA-FC53DCEE0615}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84F71C2B-15EA-48B2-BBAA-0186C7637534}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AB64104-98E8-4F17-9098-23B69950A474}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A44FA021-3C56-4710-A27B-92BBC2BC76D5}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{AEDAA44B-BA54-48A5-9E0E-98D55286F098}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B82775D7-42AD-4579-BD0B-89510266C4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{CA007730-0867-4642-9723-351310A58129}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{CB4EA792-52CA-4DC9-A642-B3B432BC35C3}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{CCD0F669-77AE-4FFB-AE29-60B44E62BE64}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{D44C4487-0634-44CC-9F09-503B77B84D65}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{DA8AACD1-9DCE-4153-8DD9-EE9A0A634DDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DAFCAEB4-F1C8-434D-8780-EBFBF7FD7EA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB9CBB95-7BA6-4DF3-AB12-A83471ECCA6E}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{F524B257-3039-4FE2-B433-9D3F038B2B27}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{FB8B6D3B-1E06-4C90-A470-A32C1CB25E02}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FF893876-6E01-4E45-A8B8-0DB16B4FE711}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"TCP Query User{3BB936CC-4A4A-476E-9C7E-0697088FE059}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
"TCP Query User{55F6D8FE-00AB-40AA-86A4-5EC1E1C2A14B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{5EECA2A0-F33A-4C9B-9560-FF16F2BEF846}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{BD306950-B0CD-44CD-8223-B5C1B123FCC3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{EAB878AC-22BC-4DF5-9BED-827E23442A6D}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F18733E5-9A22-4A5A-898A-F33D9385B723}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{1695D144-8033-4007-80ED-BBBE520B768E}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{62360048-92D5-43E0-89F1-2523B74E5719}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{6A250440-BB5E-4143-9D9D-E87A59222EA7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{6EDCB93D-8F5D-4567-85C3-BD7F14ECE4B9}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{73FEB0E5-7888-4FA9-83EF-84581A907E9B}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E8FD18F7-C66F-4DBB-8F93-686BC5C58536}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0102A21-5ED9-11E1-958C-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D4761C4F-5ED9-11E1-9202-F04DA23A5C58}" = MSVCRT Redists
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.14.2
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.4.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1F24C5-03E3-4DAA-B935-E7C971003F0E}" = Aeria Ignite
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}" = ACID Pro 7.0
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.11.2111" = Aeria Ignite
"Audacity_is1" = Audacity 2.0
"EdenEternal-DE" = EdenEternal-DE
"Elsword_DE_is1" = Elsword_DE
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1201
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LostSagaEU" = Lost Saga EU
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-704985652-1112965975-1733866788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
< End of report >
[/CODE] |
|
14.03.2013, 14:12
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Präventiver Sicherheitscheck Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.03.2013, 21:41
| #9 |
| | Präventiver Sicherheitscheck Super! mbam Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.14.08 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Odion :: ODION-PC [Administrator] Schutz: Aktiviert 14.03.2013 18:19:51 mbam-log-2013-03-14 (18-19-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204552 Laufzeit: 2 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2879b626bd990948933b377a2a5676f0
# engine=13389
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-14 06:40:42
# local_time=2013-03-14 07:40:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 24911981 115692113 0 0
# scanned=158238
# found=0
# cleaned=0
# scan_time=4366
|
|
15.03.2013, 01:08
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Präventiver Sicherheitscheck Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.03.2013, 17:49
| #11 |
| | Präventiver Sicherheitscheck Nein, alles gut! Vielen, vielen Dank fürs Durchchecken und Auswerten der Logs! Gibt es beim Aufräumen noch Etwas, das ich beachten muss? Oder lässt sich Alles ganz normal manuell löschen? |
|
15.03.2013, 19:44
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Präventiver Sicherheitscheck Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Präventiver Sicherheitscheck |
| adblock, akamai, autorun, bho, bonjour, converter, error, explorer, fehler, firefox, format, homepage, install.exe, karte, kreditkarte, mp3, msvcrt, nvidia, office 2007, plug-in, problembehandlung, registry, rundll, scan, security, senden, software, svchost.exe, temp, tippen, udp, windows |
Linear-Darstellung
