Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Präventiver Sicherheitscheck

Präventiver Sicherheitscheck


Log-Analyse und Auswertung: Präventiver Sicherheitscheck

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 11.03.2013, 21:55   #1
Ooyo00
 
Präventiver Sicherheitscheck - Standard

Präventiver Sicherheitscheck


Hallo!

Folgendes: Ich würde gerne demnächst an meinem Laptop einige Online-Käufe usw. machen, allerdings hatte ich in vergangenen Jahren schon mal Probleme mit Malware.
Mittlerweile wurde der Laptop öfters neu aufgesetzt, allerdings seit längerer Zeit nun nicht mehr, und darum würde ich das Ding gerne einfach mal mit euch durchchecken, um zu schauen ob ich mit gutem Gewissen Kreditkarteninfos an meinem PC eintippen kann :)

Hier die Logfiles von OTL und gmer:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.03.2013 21:21:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Odion\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 75,64% Memory free
7,99 Gb Paging File | 7,02 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,32 Gb Total Space | 211,81 Gb Free Space | 73,46% Space Free | Partition Type: NTFS
 
Computer Name: ODION-PC | User Name: Odion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.11 21:20:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe
PRC - [2009.03.12 17:15:58 | 001,552,497 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.03.01 20:54:46 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Utility.dll
MOD - [2009.01.12 15:11:40 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.04 11:16:08 | 000,678,416 | ---- | M] () [Auto | Running] -- C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.09.04 11:16:00 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.08.01 14:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.30 11:01:09 | 000,465,408 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV:64bit: - [2009.07.30 11:01:09 | 000,043,520 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM)
DRV:64bit: - [2009.07.30 11:01:09 | 000,025,600 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA DE 6C C4 78 20 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - Extension: YouTube = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: ProxMate - unblock the Internet! = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.2.4_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Program Files (x86)\PLFSetI.exe File not found
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129D832F-611B-4C09-AFF2-189DA02FBA23}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F836FCEB-46C2-45AE-8ACA-F6B3A018AC99}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.11 21:20:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe
[2013.03.03 18:49:41 | 000,000,000 | ---D | C] -- C:\Users\Odion\AppData\Roaming\Sony Creative Software Inc
[2013.02.15 02:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.12 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.12 14:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.11 21:20:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe
[2013.03.11 21:19:32 | 000,000,000 | ---- | M] () -- C:\Users\Odion\defogger_reenable
[2013.03.11 21:18:07 | 000,050,477 | ---- | M] () -- C:\Users\Odion\Desktop\Defogger.exe
[2013.03.11 21:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-704985652-1112965975-1733866788-1001UA.job
[2013.03.11 18:51:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.11 17:28:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 17:28:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 17:23:34 | 3217,170,432 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.10 23:12:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-704985652-1112965975-1733866788-1001Core.job
[2013.03.06 11:15:05 | 000,002,364 | ---- | M] () -- C:\Users\Odion\Desktop\Google Chrome.lnk
[2013.03.04 16:35:30 | 1244,171,973 | ---- | M] () -- C:\Users\Odion\Desktop\Lulul.rar
[2013.03.04 16:16:07 | 000,013,824 | ---- | M] () -- C:\Users\Odion\Documents\Okay.veg
[2013.02.28 22:27:48 | 003,487,768 | ---- | M] () -- C:\Users\Odion\Desktop\JBB.mp3
[2013.02.25 18:47:52 | 000,015,096 | ---- | M] () -- C:\Users\Odion\Documents\HS.veg
[2013.02.20 15:32:18 | 017,621,248 | ---- | M] () -- C:\Users\Odion\Desktop\Turkish Airline Song.wav
[2013.02.17 18:45:31 | 122,393,698 | ---- | M] () -- C:\Users\Odion\Documents\niiice.mp4
[2013.02.14 12:18:28 | 000,313,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 02:48:15 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 02:48:15 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 02:48:15 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 02:48:15 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 02:48:15 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.14 02:45:42 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.12 14:24:18 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.11 21:19:32 | 000,000,000 | ---- | C] () -- C:\Users\Odion\defogger_reenable
[2013.03.11 21:18:06 | 000,050,477 | ---- | C] () -- C:\Users\Odion\Desktop\Defogger.exe
[2013.03.04 16:29:47 | 1244,171,973 | ---- | C] () -- C:\Users\Odion\Desktop\Lulul.rar
[2013.03.04 16:16:07 | 000,013,824 | ---- | C] () -- C:\Users\Odion\Documents\Okay.veg
[2013.02.28 22:10:28 | 003,487,768 | ---- | C] () -- C:\Users\Odion\Desktop\JBB.mp3
[2013.02.25 18:47:52 | 000,015,096 | ---- | C] () -- C:\Users\Odion\Documents\HS.veg
[2013.02.20 15:32:16 | 017,621,248 | ---- | C] () -- C:\Users\Odion\Desktop\Turkish Airline Song.wav
[2013.02.17 18:27:38 | 122,393,698 | ---- | C] () -- C:\Users\Odion\Documents\niiice.mp4
[2012.05.31 13:44:20 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.02 20:18:53 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\.minecraft
[2012.07.01 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Aeria Games & Entertainment
[2013.02.28 23:41:52 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Audacity
[2012.12.11 20:38:50 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\DVDVideoSoft
[2012.12.11 20:39:07 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.19 18:02:46 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\NetMedia Providers
[2012.04.19 18:02:46 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Publish Providers
[2012.04.21 16:33:53 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Sony
[2013.03.03 18:49:41 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Sony Creative Software Inc
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

____OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.03.2013 21:21:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Odion\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 75,64% Memory free
7,99 Gb Paging File | 7,02 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,32 Gb Total Space | 211,81 Gb Free Space | 73,46% Space Free | Partition Type: NTFS
 
Computer Name: ODION-PC | User Name: Odion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D76EE9-A5E8-427F-9606-1CC52B99E852}" = rport=138 | protocol=17 | dir=out | app=system | 
"{02B784D5-0C66-4CF7-9358-ED600A309735}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{088EFE32-B0C4-4C27-9905-C1B1A7DAB2DC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0DF1AAB6-4A83-4CFD-B93E-9E23AB20768D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{10EE3223-6102-4F13-8C3E-5B33792FA9BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{13E77085-AD60-42A9-9E3E-824A1A092A3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{14E98A35-DD06-4BCB-B987-3B373F947AB0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{194508BE-5954-4ED4-A1F7-22D5F5F4BD77}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{64C98732-A5B7-411C-937E-0CE9F49DFF99}" = rport=139 | protocol=6 | dir=out | app=system | 
"{690C87EE-F09D-48EA-AF75-EEFF9E1E0453}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6EFE13F2-F3D9-4F51-A745-1CCAB1FA081A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{72F57342-66BA-405E-8ABA-A495C706D3C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{74B5A420-E3A2-4F1B-ABE8-B4DFB4F49B13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{79F37989-9B6B-482C-96CE-91EA26988B8F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7D24AFBC-C7B4-42A0-98F6-170A744A4F12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{82D5A951-1A34-4BDB-AB50-209FA7AB5607}" = lport=137 | protocol=17 | dir=in | app=system | 
"{901EB14E-5DC2-4A61-9619-D419BF435A3C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9A13E267-9A89-433B-B0CA-2F8AC3241EC2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9FD52368-EC56-4ACF-9E21-17A087FCFA64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C6D8C6B5-BA04-4A07-8E9D-7B23414A694A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DB48DA1C-A2FD-43BA-940E-3535157FF6BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F5D83B5C-FBB3-4D10-B2C2-B2E5EC90A746}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00589857-9A74-464E-B7D5-9958DB83CAFF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{060865CE-9EE7-4B30-8DF0-181AFB93F946}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{0DA4C8CC-DB2F-4440-8A16-9E6C6A7CE92A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{12BA1064-66CB-4F7C-800C-48E51E6B0561}" = dir=in | app=c:\program files\eslwire\wire.exe | 
"{1360506E-CE93-4F1E-8D75-FB927A1E832B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{16C555F0-6BF9-482C-9D89-92782E14A081}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{199453F8-0064-456F-8C3B-C5F5BAA27767}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{22BDBF0C-C34E-4D2D-A8CF-D366CBC5C3E6}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{264BA0E4-9A39-4612-8EE1-8FF0BDF2472D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{31A31B02-3C60-4F08-A519-914BE58EAC8F}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe | 
"{3C19A017-5D2E-4BEA-A253-30D060095618}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{44B1A2BE-5FB9-4D27-95FB-AFD95234C763}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe | 
"{45EBFF91-CF77-4BE2-A150-E75A3BAF7A99}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{4AAF8D5B-EFA5-4389-9121-E829917239A1}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe | 
"{4AB8D6EC-1A67-4DD8-8C9E-373907D5FAC8}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{4ABB5E93-5FED-455E-AFDB-3D1B95843AF0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4FE19CC3-6105-4169-BFA7-D5799760410C}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{51FD3C44-5447-4CAE-8531-70897581FD20}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{6133DA1D-E1D3-4992-8225-C9310CDA6F97}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6205FAB8-A38A-4654-9F7A-8D6A08A0EE40}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{64725DBC-B47C-430A-B8A3-02B91AD26648}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67D8651E-E4F5-44A0-861D-E52707AC197F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6B32C291-122E-456C-B873-CAEFF952D057}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6C0422CE-44B7-4F45-8374-DB06B8F03092}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{7C1D4351-C786-4176-8FCA-FC53DCEE0615}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{84F71C2B-15EA-48B2-BBAA-0186C7637534}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8AB64104-98E8-4F17-9098-23B69950A474}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A44FA021-3C56-4710-A27B-92BBC2BC76D5}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe | 
"{AEDAA44B-BA54-48A5-9E0E-98D55286F098}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B82775D7-42AD-4579-BD0B-89510266C4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{CA007730-0867-4642-9723-351310A58129}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe | 
"{CB4EA792-52CA-4DC9-A642-B3B432BC35C3}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{CCD0F669-77AE-4FFB-AE29-60B44E62BE64}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{D44C4487-0634-44CC-9F09-503B77B84D65}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{DA8AACD1-9DCE-4153-8DD9-EE9A0A634DDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DAFCAEB4-F1C8-434D-8780-EBFBF7FD7EA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DB9CBB95-7BA6-4DF3-AB12-A83471ECCA6E}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe | 
"{F524B257-3039-4FE2-B433-9D3F038B2B27}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe | 
"{FB8B6D3B-1E06-4C90-A470-A32C1CB25E02}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{FF893876-6E01-4E45-A8B8-0DB16B4FE711}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe | 
"TCP Query User{3BB936CC-4A4A-476E-9C7E-0697088FE059}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{55F6D8FE-00AB-40AA-86A4-5EC1E1C2A14B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{5EECA2A0-F33A-4C9B-9560-FF16F2BEF846}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{BD306950-B0CD-44CD-8223-B5C1B123FCC3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{EAB878AC-22BC-4DF5-9BED-827E23442A6D}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{F18733E5-9A22-4A5A-898A-F33D9385B723}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{1695D144-8033-4007-80ED-BBBE520B768E}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{62360048-92D5-43E0-89F1-2523B74E5719}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{6A250440-BB5E-4143-9D9D-E87A59222EA7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{6EDCB93D-8F5D-4567-85C3-BD7F14ECE4B9}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{73FEB0E5-7888-4FA9-83EF-84581A907E9B}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{E8FD18F7-C66F-4DBB-8F93-686BC5C58536}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0102A21-5ED9-11E1-958C-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D4761C4F-5ED9-11E1-9202-F04DA23A5C58}" = MSVCRT Redists
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.14.2
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.4.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1F24C5-03E3-4DAA-B935-E7C971003F0E}" = Aeria Ignite
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}" = ACID Pro 7.0
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.11.2111" = Aeria Ignite
"Audacity_is1" = Audacity 2.0
"EdenEternal-DE" = EdenEternal-DE
"Elsword_DE_is1" = Elsword_DE
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1201
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LostSagaEU" = Lost Saga EU
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.03.2013 14:29:20 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.03.2013 14:29:20 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5148
 
Error - 03.03.2013 14:29:20 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5148
 
Error - 03.03.2013 14:29:21 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.03.2013 14:29:21 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6240
 
Error - 03.03.2013 14:29:21 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6240
 
Error - 05.03.2013 09:53:44 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.03.2013 09:53:44 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3760
 
Error - 05.03.2013 09:53:44 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3760
 
Error - 06.03.2013 06:22:53 | Computer Name = Odion-PC | Source = .NET Runtime | ID = 1022
Description = 
 
[ System Events ]
Error - 28.07.2012 20:56:56 | Computer Name = Odion-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.131.887.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8601.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 31.07.2012 20:55:07 | Computer Name = Odion-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01.08.2012 14:34:23 | Computer Name = Odion-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.131.1082.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8601.0     Fehlercode: 0x8024402c     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 02.08.2012 13:53:07 | Computer Name = Odion-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?08.?2012 um 19:50:50 unerwartet heruntergefahren.
 
 
< End of report >
--- --- ---

___

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-11 21:43:43
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545032B9A300 rev.PB3OC60F 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Odion\AppData\Local\Temp\agloapog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000075f41465 2 bytes [F4, 75]
.text  C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               0000000075f414bb 2 bytes [F4, 75]
.text  ...                                                                                                                                 * 2
.text  C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000075f41465 2 bytes [F4, 75]
.text  C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               0000000075f414bb 2 bytes [F4, 75]
.text  ...                                                                                                                                 * 2
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                      00000000744411a8 2 bytes [44, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                00000000744413a8 2 bytes [44, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                    0000000074441422 2 bytes [44, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19             0000000074441498 2 bytes [44, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195  00000000743e1b41 2 bytes [3E, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362  00000000743e1be8 2 bytes [3E, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418  00000000743e1c20 2 bytes [3E, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596  00000000743e1cd2 2 bytes [3E, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628  00000000743e1cf2 2 bytes [3E, 74]

---- EOF - GMER 2.1 ----
--- --- ---
Geändert von Ooyo00 (11.03.2013 um 22:01 Uhr) Grund: Hab Smileys mal ausgestellt.

 

Themen zu Präventiver Sicherheitscheck
adblock, akamai, autorun, bho, bonjour, converter, error, explorer, fehler, firefox, format, homepage, install.exe, karte, kreditkarte, mp3, msvcrt, nvidia, office 2007, plug-in, problembehandlung, registry, rundll, scan, security, senden, software, svchost.exe, temp, tippen, udp, windows


« Mehrere Viren, ich weiß nicht weiter ! | Skype / Avast IP Block durch Malwarebytes »


Ähnliche Themen: Präventiver Sicherheitscheck


  1. Portabler, präventiver Viren- & Malwareschutz?
    Antiviren-, Firewall- und andere Schutzprogramme - 27.09.2015 (12)
  2. Google verspricht zwei GByte Online-Speicher für Teilnahme an Sicherheitscheck
    Nachrichten - 10.02.2015 (0)
  3. NSA-Affäre und IETF: "Das Internet braucht einen Sicherheitscheck"
    Nachrichten - 16.10.2013 (0)
  4. Malware- /Sicherheitscheck bei Laptop ohne Symptome
    Log-Analyse und Auswertung - 04.06.2013 (12)
  5. Zirkumflex ^ direkt doppelte Ausgabe, kein Trojaner Fund mit MBAM, trotzdem präventiver Scan + Logauswertung
    Log-Analyse und Auswertung - 20.01.2013 (11)
  6. Trojaner? Beim Onlinebanking ein Sicherheitscheck und Inet-Explorer läuft langsam
    Log-Analyse und Auswertung - 01.03.2012 (7)
  7. Zscaler bietet kostenlosen Sicherheitscheck von Webseiten
    Nachrichten - 27.01.2012 (0)
  8. Hintergrund: iPhone-Banking-Apps im Sicherheitscheck
    Nachrichten - 22.12.2010 (0)
  9. Wallpaper ohne zutun geändert, Sicherheitscheck
    Log-Analyse und Auswertung - 11.10.2010 (1)
  10. Sicherheitscheck nach einigen Malen Startproblemen
    Log-Analyse und Auswertung - 12.05.2010 (12)
  11. [nicht dringend] Sicherheitscheck - Bestätigung von Experten gesucht.
    Log-Analyse und Auswertung - 22.02.2010 (0)
  12. "Sicherheitscheck"
    Mülltonne - 28.01.2009 (0)
  13. Sicherheitscheck
    Mülltonne - 27.08.2006 (1)
  14. sicherheitscheck
    Log-Analyse und Auswertung - 27.02.2006 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Präventiver Sicherheitscheck - Hallo! Folgendes: Ich würde gerne demnächst an meinem Laptop einige Online-Käufe usw. machen, allerdings hatte ich in vergangenen Jahren schon mal Probleme mit Malware. Mittlerweile wurde der Laptop öfters neu - Präventiver Sicherheitscheck...
Archiv
Du betrachtest: Präventiver Sicherheitscheck auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131