Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Präventiver Sicherheitscheck (https://www.trojaner-board.de/132097-praeventiver-sicherheitscheck.html)

Ooyo00 11.03.2013 21:55
Präventiver Sicherheitscheck
 
Hallo!

Folgendes: Ich würde gerne demnächst an meinem Laptop einige Online-Käufe usw. machen, allerdings hatte ich in vergangenen Jahren schon mal Probleme mit Malware.
Mittlerweile wurde der Laptop öfters neu aufgesetzt, allerdings seit längerer Zeit nun nicht mehr, und darum würde ich das Ding gerne einfach mal mit euch durchchecken, um zu schauen ob ich mit gutem Gewissen Kreditkarteninfos an meinem PC eintippen kann :)

Hier die Logfiles von OTL und gmer:OTL Logfile:
Code:
OTL logfile created on: 11.03.2013 21:21:58 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Odion\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 75,64% Memory free
7,99 Gb Paging File | 7,02 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,32 Gb Total Space | 211,81 Gb Free Space | 73,46% Space Free | Partition Type: NTFS
 
Computer Name: ODION-PC | User Name: Odion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.11 21:20:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe
PRC - [2009.03.12 17:15:58 | 001,552,497 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.03.01 20:54:46 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Utility.dll
MOD - [2009.01.12 15:11:40 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.04 11:16:08 | 000,678,416 | ---- | M] () [Auto | Running] -- C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.09.04 11:16:00 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.08.01 14:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.30 11:01:09 | 000,465,408 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV:64bit: - [2009.07.30 11:01:09 | 000,043,520 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM)
DRV:64bit: - [2009.07.30 11:01:09 | 000,025,600 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA DE 6C C4 78 20 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - Extension: YouTube = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: ProxMate - unblock the Internet! = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.2.4_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Program Files (x86)\PLFSetI.exe File not found
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129D832F-611B-4C09-AFF2-189DA02FBA23}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F836FCEB-46C2-45AE-8ACA-F6B3A018AC99}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.11 21:20:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe
[2013.03.03 18:49:41 | 000,000,000 | ---D | C] -- C:\Users\Odion\AppData\Roaming\Sony Creative Software Inc
[2013.02.15 02:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.12 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.12 14:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.11 21:20:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe
[2013.03.11 21:19:32 | 000,000,000 | ---- | M] () -- C:\Users\Odion\defogger_reenable
[2013.03.11 21:18:07 | 000,050,477 | ---- | M] () -- C:\Users\Odion\Desktop\Defogger.exe
[2013.03.11 21:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-704985652-1112965975-1733866788-1001UA.job
[2013.03.11 18:51:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.11 17:28:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 17:28:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 17:23:34 | 3217,170,432 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.10 23:12:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-704985652-1112965975-1733866788-1001Core.job
[2013.03.06 11:15:05 | 000,002,364 | ---- | M] () -- C:\Users\Odion\Desktop\Google Chrome.lnk
[2013.03.04 16:35:30 | 1244,171,973 | ---- | M] () -- C:\Users\Odion\Desktop\Lulul.rar
[2013.03.04 16:16:07 | 000,013,824 | ---- | M] () -- C:\Users\Odion\Documents\Okay.veg
[2013.02.28 22:27:48 | 003,487,768 | ---- | M] () -- C:\Users\Odion\Desktop\JBB.mp3
[2013.02.25 18:47:52 | 000,015,096 | ---- | M] () -- C:\Users\Odion\Documents\HS.veg
[2013.02.20 15:32:18 | 017,621,248 | ---- | M] () -- C:\Users\Odion\Desktop\Turkish Airline Song.wav
[2013.02.17 18:45:31 | 122,393,698 | ---- | M] () -- C:\Users\Odion\Documents\niiice.mp4
[2013.02.14 12:18:28 | 000,313,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 02:48:15 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 02:48:15 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 02:48:15 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 02:48:15 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 02:48:15 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.14 02:45:42 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.12 14:24:18 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.11 21:19:32 | 000,000,000 | ---- | C] () -- C:\Users\Odion\defogger_reenable
[2013.03.11 21:18:06 | 000,050,477 | ---- | C] () -- C:\Users\Odion\Desktop\Defogger.exe
[2013.03.04 16:29:47 | 1244,171,973 | ---- | C] () -- C:\Users\Odion\Desktop\Lulul.rar
[2013.03.04 16:16:07 | 000,013,824 | ---- | C] () -- C:\Users\Odion\Documents\Okay.veg
[2013.02.28 22:10:28 | 003,487,768 | ---- | C] () -- C:\Users\Odion\Desktop\JBB.mp3
[2013.02.25 18:47:52 | 000,015,096 | ---- | C] () -- C:\Users\Odion\Documents\HS.veg
[2013.02.20 15:32:16 | 017,621,248 | ---- | C] () -- C:\Users\Odion\Desktop\Turkish Airline Song.wav
[2013.02.17 18:27:38 | 122,393,698 | ---- | C] () -- C:\Users\Odion\Documents\niiice.mp4
[2012.05.31 13:44:20 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.02 20:18:53 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\.minecraft
[2012.07.01 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Aeria Games & Entertainment
[2013.02.28 23:41:52 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Audacity
[2012.12.11 20:38:50 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\DVDVideoSoft
[2012.12.11 20:39:07 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.19 18:02:46 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\NetMedia Providers
[2012.04.19 18:02:46 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Publish Providers
[2012.04.21 16:33:53 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Sony
[2013.03.03 18:49:41 | 000,000,000 | ---D | M] -- C:\Users\Odion\AppData\Roaming\Sony Creative Software Inc
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

____OTL Logfile:
Code:
OTL Extras logfile created on: 11.03.2013 21:21:58 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Odion\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 75,64% Memory free
7,99 Gb Paging File | 7,02 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,32 Gb Total Space | 211,81 Gb Free Space | 73,46% Space Free | Partition Type: NTFS
 
Computer Name: ODION-PC | User Name: Odion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D76EE9-A5E8-427F-9606-1CC52B99E852}" = rport=138 | protocol=17 | dir=out | app=system |
"{02B784D5-0C66-4CF7-9358-ED600A309735}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{088EFE32-B0C4-4C27-9905-C1B1A7DAB2DC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0DF1AAB6-4A83-4CFD-B93E-9E23AB20768D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10EE3223-6102-4F13-8C3E-5B33792FA9BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13E77085-AD60-42A9-9E3E-824A1A092A3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{14E98A35-DD06-4BCB-B987-3B373F947AB0}" = lport=139 | protocol=6 | dir=in | app=system |
"{194508BE-5954-4ED4-A1F7-22D5F5F4BD77}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{64C98732-A5B7-411C-937E-0CE9F49DFF99}" = rport=139 | protocol=6 | dir=out | app=system |
"{690C87EE-F09D-48EA-AF75-EEFF9E1E0453}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6EFE13F2-F3D9-4F51-A745-1CCAB1FA081A}" = lport=445 | protocol=6 | dir=in | app=system |
"{72F57342-66BA-405E-8ABA-A495C706D3C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74B5A420-E3A2-4F1B-ABE8-B4DFB4F49B13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79F37989-9B6B-482C-96CE-91EA26988B8F}" = lport=138 | protocol=17 | dir=in | app=system |
"{7D24AFBC-C7B4-42A0-98F6-170A744A4F12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82D5A951-1A34-4BDB-AB50-209FA7AB5607}" = lport=137 | protocol=17 | dir=in | app=system |
"{901EB14E-5DC2-4A61-9619-D419BF435A3C}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A13E267-9A89-433B-B0CA-2F8AC3241EC2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9FD52368-EC56-4ACF-9E21-17A087FCFA64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6D8C6B5-BA04-4A07-8E9D-7B23414A694A}" = rport=137 | protocol=17 | dir=out | app=system |
"{DB48DA1C-A2FD-43BA-940E-3535157FF6BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5D83B5C-FBB3-4D10-B2C2-B2E5EC90A746}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00589857-9A74-464E-B7D5-9958DB83CAFF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{060865CE-9EE7-4B30-8DF0-181AFB93F946}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{0DA4C8CC-DB2F-4440-8A16-9E6C6A7CE92A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{12BA1064-66CB-4F7C-800C-48E51E6B0561}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{1360506E-CE93-4F1E-8D75-FB927A1E832B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{16C555F0-6BF9-482C-9D89-92782E14A081}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{199453F8-0064-456F-8C3B-C5F5BAA27767}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{22BDBF0C-C34E-4D2D-A8CF-D366CBC5C3E6}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{264BA0E4-9A39-4612-8EE1-8FF0BDF2472D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31A31B02-3C60-4F08-A519-914BE58EAC8F}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{3C19A017-5D2E-4BEA-A253-30D060095618}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44B1A2BE-5FB9-4D27-95FB-AFD95234C763}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{45EBFF91-CF77-4BE2-A150-E75A3BAF7A99}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{4AAF8D5B-EFA5-4389-9121-E829917239A1}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{4AB8D6EC-1A67-4DD8-8C9E-373907D5FAC8}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{4ABB5E93-5FED-455E-AFDB-3D1B95843AF0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4FE19CC3-6105-4169-BFA7-D5799760410C}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{51FD3C44-5447-4CAE-8531-70897581FD20}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6133DA1D-E1D3-4992-8225-C9310CDA6F97}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6205FAB8-A38A-4654-9F7A-8D6A08A0EE40}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{64725DBC-B47C-430A-B8A3-02B91AD26648}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67D8651E-E4F5-44A0-861D-E52707AC197F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B32C291-122E-456C-B873-CAEFF952D057}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C0422CE-44B7-4F45-8374-DB06B8F03092}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7C1D4351-C786-4176-8FCA-FC53DCEE0615}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84F71C2B-15EA-48B2-BBAA-0186C7637534}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AB64104-98E8-4F17-9098-23B69950A474}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A44FA021-3C56-4710-A27B-92BBC2BC76D5}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{AEDAA44B-BA54-48A5-9E0E-98D55286F098}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B82775D7-42AD-4579-BD0B-89510266C4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{CA007730-0867-4642-9723-351310A58129}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{CB4EA792-52CA-4DC9-A642-B3B432BC35C3}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{CCD0F669-77AE-4FFB-AE29-60B44E62BE64}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{D44C4487-0634-44CC-9F09-503B77B84D65}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{DA8AACD1-9DCE-4153-8DD9-EE9A0A634DDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DAFCAEB4-F1C8-434D-8780-EBFBF7FD7EA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB9CBB95-7BA6-4DF3-AB12-A83471ECCA6E}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{F524B257-3039-4FE2-B433-9D3F038B2B27}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{FB8B6D3B-1E06-4C90-A470-A32C1CB25E02}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FF893876-6E01-4E45-A8B8-0DB16B4FE711}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"TCP Query User{3BB936CC-4A4A-476E-9C7E-0697088FE059}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
"TCP Query User{55F6D8FE-00AB-40AA-86A4-5EC1E1C2A14B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{5EECA2A0-F33A-4C9B-9560-FF16F2BEF846}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{BD306950-B0CD-44CD-8223-B5C1B123FCC3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{EAB878AC-22BC-4DF5-9BED-827E23442A6D}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F18733E5-9A22-4A5A-898A-F33D9385B723}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{1695D144-8033-4007-80ED-BBBE520B768E}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{62360048-92D5-43E0-89F1-2523B74E5719}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{6A250440-BB5E-4143-9D9D-E87A59222EA7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{6EDCB93D-8F5D-4567-85C3-BD7F14ECE4B9}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{73FEB0E5-7888-4FA9-83EF-84581A907E9B}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E8FD18F7-C66F-4DBB-8F93-686BC5C58536}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0102A21-5ED9-11E1-958C-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D4761C4F-5ED9-11E1-9202-F04DA23A5C58}" = MSVCRT Redists
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.14.2
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.4.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1F24C5-03E3-4DAA-B935-E7C971003F0E}" = Aeria Ignite
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}" = ACID Pro 7.0
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.11.2111" = Aeria Ignite
"Audacity_is1" = Audacity 2.0
"EdenEternal-DE" = EdenEternal-DE
"Elsword_DE_is1" = Elsword_DE
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1201
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LostSagaEU" = Lost Saga EU
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.03.2013 14:29:20 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.03.2013 14:29:20 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5148
 
Error - 03.03.2013 14:29:20 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5148
 
Error - 03.03.2013 14:29:21 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.03.2013 14:29:21 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6240
 
Error - 03.03.2013 14:29:21 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6240
 
Error - 05.03.2013 09:53:44 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.03.2013 09:53:44 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3760
 
Error - 05.03.2013 09:53:44 | Computer Name = Odion-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3760
 
Error - 06.03.2013 06:22:53 | Computer Name = Odion-PC | Source = .NET Runtime | ID = 1022
Description =
 
[ System Events ]
Error - 28.07.2012 20:56:56 | Computer Name = Odion-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

        Neue
 Signaturversion:      Vorherige Signaturversion: 1.131.887.0    Aktualisierungsquelle: %%859

        Aktualisierungsphase:
 %%852    Quellpfad: hxxp://www.microsoft.com    Signaturtyp: %%800    Aktualisierungstyp: %%803

        Benutzer:
 NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8601.0    Fehlercode:
 0x8024402c    Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support".
 
Error - 31.07.2012 20:55:07 | Computer Name = Odion-PC | Source = DCOM | ID = 10010
Description =
 
Error - 01.08.2012 14:34:23 | Computer Name = Odion-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

        Neue
 Signaturversion:      Vorherige Signaturversion: 1.131.1082.0    Aktualisierungsquelle:
%%859    Aktualisierungsphase: %%852    Quellpfad: hxxp://www.microsoft.com    Signaturtyp:
%%800    Aktualisierungstyp: %%803    Benutzer: NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8601.0    Fehlercode: 0x8024402c    Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support".
 
Error - 02.08.2012 13:53:07 | Computer Name = Odion-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?08.?2012 um 19:50:50 unerwartet heruntergefahren.
 
 
< End of report >
--- --- ---

___

GMER Logfile:
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-11 21:43:43
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545032B9A300 rev.PB3OC60F 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Odion\AppData\Local\Temp\agloapog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000075f41465 2 bytes [F4, 75]
.text  C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              0000000075f414bb 2 bytes [F4, 75]
.text  ...                                                                                                                                * 2
.text  C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000075f41465 2 bytes [F4, 75]
.text  C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              0000000075f414bb 2 bytes [F4, 75]
.text  ...                                                                                                                                * 2
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                      00000000744411a8 2 bytes [44, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                00000000744413a8 2 bytes [44, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                    0000000074441422 2 bytes [44, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19            0000000074441498 2 bytes [44, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195  00000000743e1b41 2 bytes [3E, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362  00000000743e1be8 2 bytes [3E, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418  00000000743e1c20 2 bytes [3E, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596  00000000743e1cd2 2 bytes [3E, 74]
.text  C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe[2104] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628  00000000743e1cf2 2 bytes [3E, 74]

---- EOF - GMER 2.1 ----
--- --- ---

cosinus 12.03.2013 17:56
Hallo und :hallo:

Zitat:
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Warum bitte eine Ultimate Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Ooyo00 12.03.2013 18:34
Heyho!

Nein, weder noch. Ich mach ziemlich viel Musik mit dem Laptop und hab ein paar "exotische" VST und Plug-Ins aus anno dazumal die ich nur auf XP zum funktionieren kriege. Und ich wollte mir nicht die Mühe machen XP erneut zu installieren.

cosinus 12.03.2013 23:19
Naja, ob es eine Ultimate hätte sein müssen sei mal dahingestellt

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Ooyo00 13.03.2013 20:51
So hier die Logs!

mbar
Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.13.11

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Odion :: ODION-PC [administrator]

13.03.2013 20:25:15
mbar-log-2013-03-13 (20-25-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29260
Time elapsed: 10 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
aswMBR

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-13 20:30:00
-----------------------------
20:30:00.381    OS Version: Windows x64 6.1.7600
20:30:00.381    Number of processors: 2 586 0x170A
20:30:00.381    ComputerName: ODION-PC  UserName: Odion
20:30:01.567    Initialize success
20:31:18.231    AVAST engine defs: 13031300
20:33:38.475    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:33:38.475    Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC60F Size: 305245MB BusType: 11
20:33:38.491    Disk 0 MBR read successfully
20:33:38.491    Disk 0 MBR scan
20:33:38.506    Disk 0 Windows 7 default MBR code
20:33:38.506    Disk 0 Partition 1 00    27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
20:33:38.537    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      295243 MB offset 20482048
20:33:38.569    Disk 0 scanning C:\Windows\system32\drivers
20:33:46.571    Service scanning
20:34:12.656    Modules scanning
20:34:12.656    Disk 0 trace - called modules:
20:34:12.687    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:34:12.702    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c49060]
20:34:12.702    3 CLASSPNP.SYS[fffff8800192343f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046dd680]
20:34:13.919    AVAST engine scan C:\Windows
20:34:15.666    AVAST engine scan C:\Windows\system32
20:36:58.797    AVAST engine scan C:\Windows\system32\drivers
20:37:08.063    AVAST engine scan C:\Users\Odion
20:42:10.519    AVAST engine scan C:\ProgramData
20:42:40.455    Scan finished successfully
20:43:12.747    Disk 0 MBR has been saved successfully to "C:\Users\Odion\Desktop\MBR.dat"
20:43:12.747    The log file has been saved successfully to "C:\Users\Odion\Desktop\aswMBR.txt"
und tdsskiller

Code:

20:45:24.0772 3536  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:45:24.0926 3536  ============================================================
20:45:24.0926 3536  Current date / time: 2013/03/13 20:45:24.0926
20:45:24.0927 3536  SystemInfo:
20:45:24.0927 3536 
20:45:24.0927 3536  OS Version: 6.1.7600 ServicePack: 0.0
20:45:24.0927 3536  Product type: Workstation
20:45:24.0927 3536  ComputerName: ODION-PC
20:45:24.0927 3536  UserName: Odion
20:45:24.0927 3536  Windows directory: C:\Windows
20:45:24.0927 3536  System windows directory: C:\Windows
20:45:24.0927 3536  Running under WOW64
20:45:24.0927 3536  Processor architecture: Intel x64
20:45:24.0927 3536  Number of processors: 2
20:45:24.0927 3536  Page size: 0x1000
20:45:24.0927 3536  Boot type: Normal boot
20:45:24.0927 3536  ============================================================
20:45:25.0922 3536  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:45:25.0930 3536  ============================================================
20:45:25.0930 3536  \Device\Harddisk0\DR0:
20:45:25.0930 3536  MBR partitions:
20:45:25.0930 3536  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x240A5800
20:45:25.0930 3536  ============================================================
20:45:25.0950 3536  C: <-> \Device\Harddisk0\DR0\Partition1
20:45:25.0950 3536  ============================================================
20:45:25.0950 3536  Initialize success
20:45:25.0950 3536  ============================================================
20:47:44.0767 3068  ============================================================
20:47:44.0767 3068  Scan started
20:47:44.0767 3068  Mode: Manual; SigCheck; TDLFS;
20:47:44.0767 3068  ============================================================
20:47:45.0607 3068  ================ Scan system memory ========================
20:47:45.0607 3068  System memory - ok
20:47:45.0608 3068  ================ Scan services =============================
20:47:45.0789 3068  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
20:47:45.0945 3068  1394ohci - ok
20:47:45.0974 3068  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
20:47:45.0998 3068  ACPI - ok
20:47:46.0030 3068  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi        C:\Windows\system32\DRIVERS\acpipmi.sys
20:47:46.0103 3068  AcpiPmi - ok
20:47:46.0158 3068  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
20:47:46.0179 3068  adp94xx - ok
20:47:46.0218 3068  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
20:47:46.0236 3068  adpahci - ok
20:47:46.0262 3068  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
20:47:46.0279 3068  adpu320 - ok
20:47:46.0313 3068  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
20:47:46.0446 3068  AeLookupSvc - ok
20:47:46.0491 3068  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD            C:\Windows\system32\drivers\afd.sys
20:47:46.0550 3068  AFD - ok
20:47:46.0593 3068  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
20:47:46.0607 3068  agp440 - ok
20:47:46.0639 3068  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
20:47:46.0707 3068  ALG - ok
20:47:46.0726 3068  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
20:47:46.0739 3068  aliide - ok
20:47:46.0765 3068  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
20:47:46.0777 3068  amdide - ok
20:47:46.0818 3068  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
20:47:46.0840 3068  AmdK8 - ok
20:47:46.0856 3068  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:47:46.0892 3068  AmdPPM - ok
20:47:46.0921 3068  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata        C:\Windows\system32\DRIVERS\amdsata.sys
20:47:46.0935 3068  amdsata - ok
20:47:46.0953 3068  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:47:46.0968 3068  amdsbs - ok
20:47:46.0988 3068  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata        C:\Windows\system32\DRIVERS\amdxata.sys
20:47:47.0001 3068  amdxata - ok
20:47:47.0041 3068  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID          C:\Windows\system32\drivers\appid.sys
20:47:47.0112 3068  AppID - ok
20:47:47.0144 3068  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:47:47.0187 3068  AppIDSvc - ok
20:47:47.0217 3068  [ D065BE66822847B7F127D1F90158376E ] Appinfo        C:\Windows\System32\appinfo.dll
20:47:47.0247 3068  Appinfo - ok
20:47:47.0341 3068  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:47:47.0358 3068  Apple Mobile Device - ok
20:47:47.0390 3068  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt        C:\Windows\System32\appmgmts.dll
20:47:47.0429 3068  AppMgmt - ok
20:47:47.0480 3068  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
20:47:47.0498 3068  arc - ok
20:47:47.0513 3068  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:47:47.0531 3068  arcsas - ok
20:47:47.0565 3068  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:47:47.0618 3068  AsyncMac - ok
20:47:47.0630 3068  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\DRIVERS\atapi.sys
20:47:47.0642 3068  atapi - ok
20:47:47.0753 3068  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:47:47.0825 3068  AudioEndpointBuilder - ok
20:47:47.0874 3068  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:47:47.0929 3068  AudioSrv - ok
20:47:47.0955 3068  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:47:48.0032 3068  AxInstSV - ok
20:47:48.0071 3068  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
20:47:48.0119 3068  b06bdrv - ok
20:47:48.0148 3068  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:47:48.0178 3068  b57nd60a - ok
20:47:48.0226 3068  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:47:48.0256 3068  BDESVC - ok
20:47:48.0281 3068  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:47:48.0324 3068  Beep - ok
20:47:48.0366 3068  [ 4992C609A6315671463E30F6512BC022 ] BFE            C:\Windows\System32\bfe.dll
20:47:48.0441 3068  BFE - ok
20:47:48.0485 3068  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
20:47:48.0554 3068  BITS - ok
20:47:48.0592 3068  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:47:48.0609 3068  blbdrive - ok
20:47:48.0671 3068  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:47:48.0698 3068  Bonjour Service - ok
20:47:48.0742 3068  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:47:48.0783 3068  bowser - ok
20:47:48.0818 3068  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:47:48.0852 3068  BrFiltLo - ok
20:47:48.0867 3068  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:47:48.0898 3068  BrFiltUp - ok
20:47:48.0922 3068  [ 6B054C67AAA87843504E8E3C09102009 ] Browser        C:\Windows\System32\browser.dll
20:47:48.0966 3068  Browser - ok
20:47:48.0985 3068  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
20:47:49.0026 3068  Brserid - ok
20:47:49.0037 3068  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:47:49.0068 3068  BrSerWdm - ok
20:47:49.0085 3068  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:47:49.0117 3068  BrUsbMdm - ok
20:47:49.0122 3068  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:47:49.0140 3068  BrUsbSer - ok
20:47:49.0146 3068  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:47:49.0163 3068  BTHMODEM - ok
20:47:49.0188 3068  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
20:47:49.0267 3068  bthserv - ok
20:47:49.0310 3068  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:47:49.0367 3068  cdfs - ok
20:47:49.0399 3068  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
20:47:49.0431 3068  cdrom - ok
20:47:49.0473 3068  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc    C:\Windows\System32\certprop.dll
20:47:49.0527 3068  CertPropSvc - ok
20:47:49.0550 3068  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:47:49.0566 3068  circlass - ok
20:47:49.0591 3068  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:47:49.0610 3068  CLFS - ok
20:47:49.0671 3068  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:47:49.0691 3068  clr_optimization_v2.0.50727_32 - ok
20:47:49.0733 3068  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:47:49.0748 3068  clr_optimization_v2.0.50727_64 - ok
20:47:49.0806 3068  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:47:49.0822 3068  clr_optimization_v4.0.30319_32 - ok
20:47:49.0857 3068  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:47:49.0872 3068  clr_optimization_v4.0.30319_64 - ok
20:47:49.0902 3068  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:47:49.0938 3068  CmBatt - ok
20:47:49.0966 3068  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
20:47:49.0981 3068  cmdide - ok
20:47:50.0014 3068  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG            C:\Windows\system32\Drivers\cng.sys
20:47:50.0062 3068  CNG - ok
20:47:50.0091 3068  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:47:50.0104 3068  Compbatt - ok
20:47:50.0124 3068  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:47:50.0150 3068  CompositeBus - ok
20:47:50.0169 3068  COMSysApp - ok
20:47:50.0192 3068  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
20:47:50.0204 3068  crcdisk - ok
20:47:50.0246 3068  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:47:50.0289 3068  CryptSvc - ok
20:47:50.0331 3068  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC            C:\Windows\system32\drivers\csc.sys
20:47:50.0373 3068  CSC - ok
20:47:50.0418 3068  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
20:47:50.0447 3068  CscService - ok
20:47:50.0488 3068  [ A5D3D53178394CC7A8A26BB532575B59 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
20:47:50.0498 3068  dc3d - ok
20:47:50.0543 3068  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:47:50.0601 3068  DcomLaunch - ok
20:47:50.0629 3068  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
20:47:50.0687 3068  defragsvc - ok
20:47:50.0732 3068  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:47:50.0767 3068  DfsC - ok
20:47:50.0824 3068  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:47:50.0900 3068  Dhcp - ok
20:47:50.0930 3068  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:47:50.0994 3068  discache - ok
20:47:51.0058 3068  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:47:51.0077 3068  Disk - ok
20:47:51.0118 3068  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:47:51.0162 3068  Dnscache - ok
20:47:51.0202 3068  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc        C:\Windows\System32\dot3svc.dll
20:47:51.0258 3068  dot3svc - ok
20:47:51.0278 3068  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS            C:\Windows\system32\dps.dll
20:47:51.0332 3068  DPS - ok
20:47:51.0365 3068  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
20:47:51.0438 3068  drmkaud - ok
20:47:51.0491 3068  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
20:47:51.0530 3068  DXGKrnl - ok
20:47:51.0561 3068  EagleX64 - ok
20:47:51.0592 3068  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
20:47:51.0636 3068  EapHost - ok
20:47:51.0734 3068  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
20:47:51.0859 3068  ebdrv - ok
20:47:51.0886 3068  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS            C:\Windows\System32\lsass.exe
20:47:51.0930 3068  EFS - ok
20:47:51.0993 3068  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
20:47:52.0048 3068  ehRecvr - ok
20:47:52.0069 3068  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
20:47:52.0098 3068  ehSched - ok
20:47:52.0138 3068  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
20:47:52.0160 3068  elxstor - ok
20:47:52.0181 3068  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
20:47:52.0207 3068  ErrDev - ok
20:47:52.0277 3068  [ ABC24F129C616E5DEE5CE58683606C84 ] ESLWireAC      C:\Windows\system32\drivers\ESLWireACD.sys
20:47:52.0303 3068  ESLWireAC - ok
20:47:52.0389 3068  [ 4FC6545A22D348E1B6DA15A27748B7FE ] EslWireHelper  C:\Program Files\EslWire\service\WireHelperSvc.exe
20:47:52.0420 3068  EslWireHelper - ok
20:47:52.0463 3068  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
20:47:52.0523 3068  EventSystem - ok
20:47:52.0547 3068  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
20:47:52.0595 3068  exfat - ok
20:47:52.0622 3068  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
20:47:52.0673 3068  fastfat - ok
20:47:52.0717 3068  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax            C:\Windows\system32\fxssvc.exe
20:47:52.0783 3068  Fax - ok
20:47:52.0796 3068  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
20:47:52.0814 3068  fdc - ok
20:47:52.0846 3068  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
20:47:52.0895 3068  fdPHost - ok
20:47:52.0911 3068  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:47:52.0956 3068  FDResPub - ok
20:47:52.0991 3068  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:47:53.0004 3068  FileInfo - ok
20:47:53.0018 3068  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
20:47:53.0066 3068  Filetrace - ok
20:47:53.0089 3068  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:47:53.0102 3068  flpydisk - ok
20:47:53.0120 3068  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:47:53.0138 3068  FltMgr - ok
20:47:53.0190 3068  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache      C:\Windows\system32\FntCache.dll
20:47:53.0244 3068  FontCache - ok
20:47:53.0286 3068  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:47:53.0302 3068  FontCache3.0.0.0 - ok
20:47:53.0327 3068  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
20:47:53.0340 3068  FsDepends - ok
20:47:53.0360 3068  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:47:53.0372 3068  Fs_Rec - ok
20:47:53.0421 3068  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:47:53.0448 3068  fvevol - ok
20:47:53.0476 3068  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:47:53.0493 3068  gagp30kx - ok
20:47:53.0522 3068  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:47:53.0532 3068  GEARAspiWDM - ok
20:47:53.0569 3068  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc          C:\Windows\System32\gpsvc.dll
20:47:53.0675 3068  gpsvc - ok
20:47:53.0797 3068  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi        C:\Windows\system32\DRIVERS\hamachi.sys
20:47:53.0814 3068  hamachi - ok
20:47:53.0838 3068  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:47:53.0900 3068  hcw85cir - ok
20:47:53.0936 3068  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:47:53.0957 3068  HdAudAddService - ok
20:47:53.0978 3068  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:47:54.0004 3068  HDAudBus - ok
20:47:54.0030 3068  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
20:47:54.0065 3068  HidBatt - ok
20:47:54.0095 3068  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:47:54.0122 3068  HidBth - ok
20:47:54.0138 3068  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
20:47:54.0170 3068  HidIr - ok
20:47:54.0200 3068  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
20:47:54.0266 3068  hidserv - ok
20:47:54.0306 3068  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:47:54.0340 3068  HidUsb - ok
20:47:54.0375 3068  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:47:54.0421 3068  hkmsvc - ok
20:47:54.0445 3068  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:47:54.0489 3068  HomeGroupListener - ok
20:47:54.0513 3068  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:47:54.0552 3068  HomeGroupProvider - ok
20:47:54.0604 3068  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
20:47:54.0617 3068  HpSAMD - ok
20:47:54.0659 3068  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:47:54.0723 3068  HTTP - ok
20:47:54.0751 3068  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:47:54.0764 3068  hwpolicy - ok
20:47:54.0777 3068  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:47:54.0791 3068  i8042prt - ok
20:47:54.0827 3068  [ B75E45C564E944A2657167D197AB29DA ] iaStorV        C:\Windows\system32\DRIVERS\iaStorV.sys
20:47:54.0847 3068  iaStorV - ok
20:47:54.0910 3068  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:47:54.0945 3068  idsvc - ok
20:47:54.0977 3068  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
20:47:54.0990 3068  iirsp - ok
20:47:55.0034 3068  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
20:47:55.0103 3068  IKEEXT - ok
20:47:55.0132 3068  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
20:47:55.0144 3068  intelide - ok
20:47:55.0168 3068  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:47:55.0193 3068  intelppm - ok
20:47:55.0225 3068  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
20:47:55.0277 3068  IPBusEnum - ok
20:47:55.0295 3068  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:47:55.0333 3068  IpFilterDriver - ok
20:47:55.0356 3068  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:47:55.0412 3068  iphlpsvc - ok
20:47:55.0444 3068  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV        C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:47:55.0479 3068  IPMIDRV - ok
20:47:55.0501 3068  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
20:47:55.0572 3068  IPNAT - ok
20:47:55.0635 3068  [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:47:55.0669 3068  iPod Service - ok
20:47:55.0712 3068  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:47:55.0738 3068  IRENUM - ok
20:47:55.0749 3068  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
20:47:55.0761 3068  isapnp - ok
20:47:55.0780 3068  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:47:55.0797 3068  iScsiPrt - ok
20:47:55.0839 3068  [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
20:47:55.0867 3068  k57nd60a - ok
20:47:55.0895 3068  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:47:55.0908 3068  kbdclass - ok
20:47:55.0935 3068  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:47:55.0949 3068  kbdhid - ok
20:47:55.0964 3068  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
20:47:55.0978 3068  KeyIso - ok
20:47:56.0003 3068  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:47:56.0016 3068  KSecDD - ok
20:47:56.0041 3068  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
20:47:56.0056 3068  KSecPkg - ok
20:47:56.0076 3068  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
20:47:56.0126 3068  ksthunk - ok
20:47:56.0154 3068  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
20:47:56.0207 3068  KtmRm - ok
20:47:56.0254 3068  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:47:56.0313 3068  LanmanServer - ok
20:47:56.0339 3068  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:47:56.0389 3068  LanmanWorkstation - ok
20:47:56.0422 3068  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:47:56.0475 3068  lltdio - ok
20:47:56.0503 3068  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
20:47:56.0544 3068  lltdsvc - ok
20:47:56.0577 3068  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
20:47:56.0615 3068  lmhosts - ok
20:47:56.0651 3068  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:47:56.0665 3068  LSI_FC - ok
20:47:56.0680 3068  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
20:47:56.0693 3068  LSI_SAS - ok
20:47:56.0709 3068  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:47:56.0722 3068  LSI_SAS2 - ok
20:47:56.0745 3068  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:47:56.0759 3068  LSI_SCSI - ok
20:47:56.0790 3068  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
20:47:56.0828 3068  luafv - ok
20:47:56.0854 3068  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
20:47:56.0877 3068  Mcx2Svc - ok
20:47:56.0899 3068  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
20:47:56.0912 3068  megasas - ok
20:47:56.0934 3068  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:47:56.0952 3068  MegaSR - ok
20:47:56.0967 3068  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
20:47:57.0017 3068  MMCSS - ok
20:47:57.0035 3068  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
20:47:57.0081 3068  Modem - ok
20:47:57.0104 3068  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
20:47:57.0134 3068  monitor - ok
20:47:57.0165 3068  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:47:57.0178 3068  mouclass - ok
20:47:57.0205 3068  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:47:57.0234 3068  mouhid - ok
20:47:57.0253 3068  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:47:57.0266 3068  mountmgr - ok
20:47:57.0325 3068  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:47:57.0353 3068  MpFilter - ok
20:47:57.0375 3068  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
20:47:57.0390 3068  mpio - ok
20:47:57.0417 3068  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:47:57.0455 3068  mpsdrv - ok
20:47:57.0507 3068  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:47:57.0569 3068  MpsSvc - ok
20:47:57.0584 3068  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:47:57.0613 3068  MRxDAV - ok
20:47:57.0633 3068  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:47:57.0662 3068  mrxsmb - ok
20:47:57.0691 3068  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:47:57.0707 3068  mrxsmb10 - ok
20:47:57.0727 3068  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:47:57.0755 3068  mrxsmb20 - ok
20:47:57.0788 3068  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
20:47:57.0801 3068  msahci - ok
20:47:57.0817 3068  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm          C:\Windows\system32\DRIVERS\msdsm.sys
20:47:57.0832 3068  msdsm - ok
20:47:57.0848 3068  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
20:47:57.0879 3068  MSDTC - ok
20:47:57.0898 3068  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:47:57.0935 3068  Msfs - ok
20:47:57.0954 3068  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
20:47:58.0006 3068  mshidkmdf - ok
20:47:58.0022 3068  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
20:47:58.0035 3068  msisadrv - ok
20:47:58.0064 3068  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
20:47:58.0104 3068  MSiSCSI - ok
20:47:58.0108 3068  msiserver - ok
20:47:58.0136 3068  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
20:47:58.0182 3068  MSKSSRV - ok
20:47:58.0234 3068  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc        c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:47:58.0249 3068  MsMpSvc - ok
20:47:58.0273 3068  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:47:58.0310 3068  MSPCLOCK - ok
20:47:58.0314 3068  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
20:47:58.0356 3068  MSPQM - ok
20:47:58.0379 3068  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
20:47:58.0398 3068  MsRPC - ok
20:47:58.0418 3068  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:47:58.0431 3068  mssmbios - ok
20:47:58.0457 3068  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
20:47:58.0506 3068  MSTEE - ok
20:47:58.0522 3068  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:47:58.0548 3068  MTConfig - ok
20:47:58.0577 3068  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
20:47:58.0590 3068  Mup - ok
20:47:58.0618 3068  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
20:47:58.0677 3068  napagent - ok
20:47:58.0739 3068  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
20:47:58.0787 3068  NativeWifiP - ok
20:47:58.0829 3068  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:47:58.0860 3068  NDIS - ok
20:47:58.0891 3068  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
20:47:58.0933 3068  NdisCap - ok
20:47:58.0963 3068  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:47:59.0009 3068  NdisTapi - ok
20:47:59.0030 3068  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
20:47:59.0082 3068  Ndisuio - ok
20:47:59.0110 3068  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
20:47:59.0148 3068  NdisWan - ok
20:47:59.0164 3068  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
20:47:59.0220 3068  NDProxy - ok
20:47:59.0243 3068  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
20:47:59.0293 3068  NetBIOS - ok
20:47:59.0313 3068  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
20:47:59.0353 3068  NetBT - ok
20:47:59.0364 3068  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
20:47:59.0377 3068  Netlogon - ok
20:47:59.0418 3068  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:47:59.0470 3068  Netman - ok
20:47:59.0488 3068  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:47:59.0539 3068  netprofm - ok
20:47:59.0563 3068  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:47:59.0574 3068  NetTcpPortSharing - ok
20:47:59.0720 3068  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
20:47:59.0884 3068  netw5v64 - ok
20:47:59.0923 3068  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
20:47:59.0936 3068  nfrd960 - ok
20:48:00.0005 3068  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:48:00.0026 3068  NisDrv - ok
20:48:00.0051 3068  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:48:00.0073 3068  NisSrv - ok
20:48:00.0115 3068  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:48:00.0172 3068  NlaSvc - ok
20:48:00.0193 3068  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:48:00.0237 3068  Npfs - ok
20:48:00.0250 3068  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
20:48:00.0305 3068  nsi - ok
20:48:00.0321 3068  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:48:00.0369 3068  nsiproxy - ok
20:48:00.0439 3068  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:48:00.0487 3068  Ntfs - ok
20:48:00.0509 3068  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:48:00.0545 3068  Null - ok
20:48:00.0586 3068  [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
20:48:00.0600 3068  NVHDA - ok
20:48:00.0885 3068  [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:48:01.0269 3068  nvlddmkm - ok
20:48:01.0359 3068  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
20:48:01.0384 3068  nvraid - ok
20:48:01.0406 3068  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
20:48:01.0421 3068  nvstor - ok
20:48:01.0489 3068  [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc          C:\Windows\system32\nvvsvc.exe
20:48:01.0535 3068  nvsvc - ok
20:48:01.0558 3068  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
20:48:01.0571 3068  nv_agp - ok
20:48:01.0629 3068  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:48:01.0657 3068  odserv - ok
20:48:01.0688 3068  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:48:01.0720 3068  ohci1394 - ok
20:48:01.0790 3068  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:48:01.0811 3068  ose - ok
20:48:01.0857 3068  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:48:01.0902 3068  p2pimsvc - ok
20:48:01.0932 3068  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:48:01.0960 3068  p2psvc - ok
20:48:01.0989 3068  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
20:48:02.0003 3068  Parport - ok
20:48:02.0024 3068  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
20:48:02.0038 3068  partmgr - ok
20:48:02.0071 3068  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:48:02.0105 3068  PcaSvc - ok
20:48:02.0118 3068  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci            C:\Windows\system32\DRIVERS\pci.sys
20:48:02.0134 3068  pci - ok
20:48:02.0154 3068  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
20:48:02.0167 3068  pciide - ok
20:48:02.0190 3068  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:48:02.0206 3068  pcmcia - ok
20:48:02.0219 3068  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
20:48:02.0233 3068  pcw - ok
20:48:02.0253 3068  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:48:02.0314 3068  PEAUTH - ok
20:48:02.0367 3068  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
20:48:02.0419 3068  PeerDistSvc - ok
20:48:02.0481 3068  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:48:02.0512 3068  PerfHost - ok
20:48:02.0570 3068  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla            C:\Windows\system32\pla.dll
20:48:02.0636 3068  pla - ok
20:48:02.0670 3068  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:48:02.0724 3068  PlugPlay - ok
20:48:02.0747 3068  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
20:48:02.0776 3068  PNRPAutoReg - ok
20:48:02.0801 3068  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
20:48:02.0818 3068  PNRPsvc - ok
20:48:02.0858 3068  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64        C:\Windows\system32\DRIVERS\point64.sys
20:48:02.0874 3068  Point64 - ok
20:48:02.0911 3068  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
20:48:02.0966 3068  PolicyAgent - ok
20:48:03.0004 3068  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
20:48:03.0054 3068  Power - ok
20:48:03.0078 3068  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:48:03.0141 3068  PptpMiniport - ok
20:48:03.0151 3068  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
20:48:03.0178 3068  Processor - ok
20:48:03.0201 3068  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc        C:\Windows\system32\profsvc.dll
20:48:03.0229 3068  ProfSvc - ok
20:48:03.0243 3068  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:48:03.0257 3068  ProtectedStorage - ok
20:48:03.0281 3068  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:48:03.0326 3068  Psched - ok
20:48:03.0386 3068  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:48:03.0435 3068  ql2300 - ok
20:48:03.0452 3068  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:48:03.0466 3068  ql40xx - ok
20:48:03.0501 3068  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
20:48:03.0547 3068  QWAVE - ok
20:48:03.0572 3068  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:48:03.0605 3068  QWAVEdrv - ok
20:48:03.0626 3068  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:48:03.0678 3068  RasAcd - ok
20:48:03.0709 3068  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
20:48:03.0773 3068  RasAgileVpn - ok
20:48:03.0799 3068  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
20:48:03.0838 3068  RasAuto - ok
20:48:03.0867 3068  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
20:48:03.0923 3068  Rasl2tp - ok
20:48:03.0950 3068  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
20:48:04.0015 3068  RasMan - ok
20:48:04.0036 3068  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:48:04.0074 3068  RasPppoe - ok
20:48:04.0090 3068  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
20:48:04.0135 3068  RasSstp - ok
20:48:04.0164 3068  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
20:48:04.0213 3068  rdbss - ok
20:48:04.0238 3068  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:48:04.0255 3068  rdpbus - ok
20:48:04.0266 3068  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:48:04.0303 3068  RDPCDD - ok
20:48:04.0324 3068  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
20:48:04.0370 3068  RDPDR - ok
20:48:04.0392 3068  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:48:04.0460 3068  RDPENCDD - ok
20:48:04.0475 3068  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:48:04.0512 3068  RDPREFMP - ok
20:48:04.0552 3068  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
20:48:04.0588 3068  RDPWD - ok
20:48:04.0607 3068  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:48:04.0623 3068  rdyboost - ok
20:48:04.0656 3068  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:48:04.0706 3068  RemoteAccess - ok
20:48:04.0742 3068  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:48:04.0814 3068  RemoteRegistry - ok
20:48:04.0825 3068  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:48:04.0881 3068  RpcEptMapper - ok
20:48:04.0901 3068  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:48:04.0929 3068  RpcLocator - ok
20:48:04.0955 3068  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs          C:\Windows\system32\rpcss.dll
20:48:04.0999 3068  RpcSs - ok
20:48:05.0041 3068  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:48:05.0098 3068  rspndr - ok
20:48:05.0116 3068  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap          C:\Windows\system32\DRIVERS\vms3cap.sys
20:48:05.0149 3068  s3cap - ok
20:48:05.0165 3068  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs          C:\Windows\system32\lsass.exe
20:48:05.0178 3068  SamSs - ok
20:48:05.0199 3068  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
20:48:05.0212 3068  sbp2port - ok
20:48:05.0236 3068  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:48:05.0291 3068  SCardSvr - ok
20:48:05.0327 3068  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:48:05.0393 3068  scfilter - ok
20:48:05.0447 3068  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
20:48:05.0489 3068  Schedule - ok
20:48:05.0507 3068  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc    C:\Windows\System32\certprop.dll
20:48:05.0545 3068  SCPolicySvc - ok
20:48:05.0576 3068  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:48:05.0616 3068  SDRSVC - ok
20:48:05.0658 3068  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:48:05.0712 3068  secdrv - ok
20:48:05.0742 3068  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
20:48:05.0810 3068  seclogon - ok
20:48:05.0834 3068  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:48:05.0894 3068  SENS - ok
20:48:05.0918 3068  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:48:05.0963 3068  SensrSvc - ok
20:48:05.0982 3068  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
20:48:05.0996 3068  Serenum - ok
20:48:06.0029 3068  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:48:06.0061 3068  Serial - ok
20:48:06.0066 3068  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:48:06.0103 3068  sermouse - ok
20:48:06.0143 3068  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
20:48:06.0183 3068  SessionEnv - ok
20:48:06.0188 3068  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
20:48:06.0218 3068  sffdisk - ok
20:48:06.0223 3068  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:48:06.0244 3068  sffp_mmc - ok
20:48:06.0264 3068  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
20:48:06.0279 3068  sffp_sd - ok
20:48:06.0296 3068  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
20:48:06.0326 3068  sfloppy - ok
20:48:06.0363 3068  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:48:06.0421 3068  SharedAccess - ok
20:48:06.0463 3068  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:48:06.0508 3068  ShellHWDetection - ok
20:48:06.0547 3068  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:48:06.0568 3068  SiSRaid2 - ok
20:48:06.0584 3068  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:48:06.0597 3068  SiSRaid4 - ok
20:48:06.0655 3068  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
20:48:06.0678 3068  SkypeUpdate - ok
20:48:06.0704 3068  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
20:48:06.0742 3068  Smb - ok
20:48:06.0774 3068  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:48:06.0804 3068  SNMPTRAP - ok
20:48:06.0836 3068  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
20:48:06.0849 3068  spldr - ok
20:48:06.0876 3068  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler        C:\Windows\System32\spoolsv.exe
20:48:06.0915 3068  Spooler - ok
20:48:07.0009 3068  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:48:07.0131 3068  sppsvc - ok
20:48:07.0152 3068  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
20:48:07.0192 3068  sppuinotify - ok
20:48:07.0231 3068  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv            C:\Windows\system32\DRIVERS\srv.sys
20:48:07.0287 3068  srv - ok
20:48:07.0321 3068  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:48:07.0339 3068  srv2 - ok
20:48:07.0351 3068  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:48:07.0376 3068  srvnet - ok
20:48:07.0413 3068  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
20:48:07.0454 3068  SSDPSRV - ok
20:48:07.0468 3068  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
20:48:07.0507 3068  SstpSvc - ok
20:48:07.0536 3068  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:48:07.0549 3068  stexstor - ok
20:48:07.0592 3068  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
20:48:07.0619 3068  stisvc - ok
20:48:07.0637 3068  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt        C:\Windows\system32\DRIVERS\vmstorfl.sys
20:48:07.0650 3068  storflt - ok
20:48:07.0681 3068  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc        C:\Windows\system32\DRIVERS\storvsc.sys
20:48:07.0693 3068  storvsc - ok
20:48:07.0706 3068  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:48:07.0719 3068  swenum - ok
20:48:07.0766 3068  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
20:48:07.0821 3068  swprv - ok
20:48:07.0867 3068  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain        C:\Windows\system32\sysmain.dll
20:48:07.0925 3068  SysMain - ok
20:48:07.0954 3068  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:48:07.0980 3068  TabletInputService - ok
20:48:08.0006 3068  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv        C:\Windows\System32\tapisrv.dll
20:48:08.0061 3068  TapiSrv - ok
20:48:08.0098 3068  [ 17F8B44FE344EA264CB6C9877DB35298 ] TASCAM_US122144 C:\Windows\system32\Drivers\tascusb2.sys
20:48:08.0138 3068  TASCAM_US122144 - ok
20:48:08.0164 3068  [ 7D32EFE52F83411C29B572C241FA6C16 ] TASCAM_US144_MK2_MIDI C:\Windows\system32\drivers\tscusb2m.sys
20:48:08.0197 3068  TASCAM_US144_MK2_MIDI - ok
20:48:08.0234 3068  [ BB53351BD572213E48228B934C36CCF1 ] TASCAM_US144_MK2_WDM C:\Windows\system32\drivers\tscusb2a.sys
20:48:08.0279 3068  TASCAM_US144_MK2_WDM - ok
20:48:08.0313 3068  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
20:48:08.0359 3068  TBS - ok
20:48:08.0422 3068  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
20:48:08.0474 3068  Tcpip - ok
20:48:08.0544 3068  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:48:08.0590 3068  TCPIP6 - ok
20:48:08.0613 3068  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:48:08.0656 3068  tcpipreg - ok
20:48:08.0670 3068  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:48:08.0692 3068  TDPIPE - ok
20:48:08.0710 3068  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
20:48:08.0733 3068  TDTCP - ok
20:48:08.0759 3068  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
20:48:08.0808 3068  tdx - ok
20:48:08.0822 3068  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:48:08.0835 3068  TermDD - ok
20:48:08.0875 3068  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService    C:\Windows\System32\termsrv.dll
20:48:08.0928 3068  TermService - ok
20:48:08.0939 3068  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:48:08.0971 3068  Themes - ok
20:48:08.0990 3068  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
20:48:09.0029 3068  THREADORDER - ok
20:48:09.0053 3068  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:48:09.0092 3068  TrkWks - ok
20:48:09.0123 3068  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:48:09.0139 3068  TrustedInstaller - ok
20:48:09.0166 3068  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:48:09.0217 3068  tssecsrv - ok
20:48:09.0243 3068  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:48:09.0294 3068  tunnel - ok
20:48:09.0310 3068  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:48:09.0323 3068  uagp35 - ok
20:48:09.0341 3068  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:48:09.0384 3068  udfs - ok
20:48:09.0400 3068  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
20:48:09.0415 3068  UI0Detect - ok
20:48:09.0444 3068  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
20:48:09.0457 3068  uliagpkx - ok
20:48:09.0489 3068  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
20:48:09.0511 3068  umbus - ok
20:48:09.0526 3068  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:48:09.0539 3068  UmPass - ok
20:48:09.0565 3068  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\Windows\System32\umrdp.dll
20:48:09.0581 3068  UmRdpService - ok
20:48:09.0602 3068  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:48:09.0645 3068  upnphost - ok
20:48:09.0680 3068  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
20:48:09.0716 3068  USBAAPL64 - ok
20:48:09.0744 3068  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
20:48:09.0772 3068  usbccgp - ok
20:48:09.0796 3068  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
20:48:09.0824 3068  usbcir - ok
20:48:09.0843 3068  [ 92969BA5AC44E229C55A332864F79677 ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
20:48:09.0856 3068  usbehci - ok
20:48:09.0897 3068  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:48:09.0926 3068  usbhub - ok
20:48:09.0958 3068  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
20:48:09.0986 3068  usbohci - ok
20:48:10.0026 3068  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:48:10.0059 3068  usbprint - ok
20:48:10.0098 3068  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
20:48:10.0137 3068  usbscan - ok
20:48:10.0159 3068  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:48:10.0206 3068  USBSTOR - ok
20:48:10.0235 3068  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
20:48:10.0259 3068  usbuhci - ok
20:48:10.0303 3068  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:48:10.0373 3068  usbvideo - ok
20:48:10.0403 3068  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
20:48:10.0442 3068  UxSms - ok
20:48:10.0454 3068  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
20:48:10.0468 3068  VaultSvc - ok
20:48:10.0488 3068  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
20:48:10.0500 3068  vdrvroot - ok
20:48:10.0538 3068  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds            C:\Windows\System32\vds.exe
20:48:10.0572 3068  vds - ok
20:48:10.0588 3068  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
20:48:10.0604 3068  vga - ok
20:48:10.0616 3068  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
20:48:10.0663 3068  VgaSave - ok
20:48:10.0678 3068  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp          C:\Windows\system32\DRIVERS\vhdmp.sys
20:48:10.0695 3068  vhdmp - ok
20:48:10.0730 3068  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
20:48:10.0743 3068  viaide - ok
20:48:10.0765 3068  [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus          C:\Windows\system32\DRIVERS\vmbus.sys
20:48:10.0780 3068  vmbus - ok
20:48:10.0785 3068  [ AE10C35761889E65A6F7176937C5592C ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
20:48:10.0810 3068  VMBusHID - ok
20:48:10.0827 3068  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
20:48:10.0840 3068  volmgr - ok
20:48:10.0861 3068  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
20:48:10.0880 3068  volmgrx - ok
20:48:10.0906 3068  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
20:48:10.0923 3068  volsnap - ok
20:48:10.0955 3068  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
20:48:10.0970 3068  vsmraid - ok
20:48:11.0018 3068  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS            C:\Windows\system32\vssvc.exe
20:48:11.0073 3068  VSS - ok
20:48:11.0097 3068  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:48:11.0124 3068  vwifibus - ok
20:48:11.0147 3068  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
20:48:11.0191 3068  W32Time - ok
20:48:11.0205 3068  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:48:11.0218 3068  WacomPen - ok
20:48:11.0246 3068  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:48:11.0296 3068  WANARP - ok
20:48:11.0301 3068  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:48:11.0339 3068  Wanarpv6 - ok
20:48:11.0409 3068  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
20:48:11.0483 3068  wbengine - ok
20:48:11.0519 3068  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:48:11.0540 3068  WbioSrvc - ok
20:48:11.0575 3068  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
20:48:11.0635 3068  wcncsvc - ok
20:48:11.0652 3068  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:48:11.0689 3068  WcsPlugInService - ok
20:48:11.0720 3068  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:48:11.0733 3068  Wd - ok
20:48:11.0775 3068  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:48:11.0811 3068  Wdf01000 - ok
20:48:11.0824 3068  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:48:11.0855 3068  WdiServiceHost - ok
20:48:11.0859 3068  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
20:48:11.0881 3068  WdiSystemHost - ok
20:48:11.0912 3068  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient      C:\Windows\System32\webclnt.dll
20:48:11.0942 3068  WebClient - ok
20:48:11.0978 3068  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:48:12.0031 3068  Wecsvc - ok
20:48:12.0046 3068  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
20:48:12.0104 3068  wercplsupport - ok
20:48:12.0138 3068  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:48:12.0210 3068  WerSvc - ok
20:48:12.0241 3068  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:48:12.0277 3068  WfpLwf - ok
20:48:12.0298 3068  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:48:12.0311 3068  WIMMount - ok
20:48:12.0320 3068  WinDefend - ok
20:48:12.0331 3068  WinHttpAutoProxySvc - ok
20:48:12.0379 3068  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
20:48:12.0435 3068  Winmgmt - ok
20:48:12.0505 3068  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM          C:\Windows\system32\WsmSvc.dll
20:48:12.0576 3068  WinRM - ok
20:48:12.0633 3068  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:48:12.0648 3068  WinUsb - ok
20:48:12.0688 3068  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
20:48:12.0736 3068  Wlansvc - ok
20:48:12.0779 3068  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
20:48:12.0813 3068  WmiAcpi - ok
20:48:12.0846 3068  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:48:12.0883 3068  wmiApSrv - ok
20:48:12.0905 3068  WMPNetworkSvc - ok
20:48:12.0936 3068  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:48:12.0964 3068  WPCSvc - ok
20:48:12.0986 3068  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:48:13.0013 3068  WPDBusEnum - ok
20:48:13.0039 3068  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
20:48:13.0098 3068  ws2ifsl - ok
20:48:13.0124 3068  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:48:13.0203 3068  wscsvc - ok
20:48:13.0210 3068  WSearch - ok
20:48:13.0281 3068  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:48:13.0342 3068  wuauserv - ok
20:48:13.0364 3068  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:48:13.0393 3068  WudfPf - ok
20:48:13.0435 3068  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:48:13.0471 3068  WUDFRd - ok
20:48:13.0505 3068  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
20:48:13.0529 3068  wudfsvc - ok
20:48:13.0559 3068  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
20:48:13.0595 3068  WwanSvc - ok
20:48:13.0686 3068  X6va001 - ok
20:48:13.0758 3068  X6va008 - ok
20:48:13.0784 3068  X6va009 - ok
20:48:13.0805 3068  X6va010 - ok
20:48:13.0824 3068  X6va011 - ok
20:48:13.0843 3068  ================ Scan global ===============================
20:48:13.0872 3068  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:48:13.0898 3068  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
20:48:13.0910 3068  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
20:48:13.0948 3068  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:48:13.0972 3068  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:48:13.0977 3068  [Global] - ok
20:48:13.0977 3068  ================ Scan MBR ==================================
20:48:13.0989 3068  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:48:14.0285 3068  \Device\Harddisk0\DR0 - ok
20:48:14.0286 3068  ================ Scan VBR ==================================
20:48:14.0290 3068  [ CEDD03B0CD180CC3B2470E9B58A12D6C ] \Device\Harddisk0\DR0\Partition1
20:48:14.0292 3068  \Device\Harddisk0\DR0\Partition1 - ok
20:48:14.0294 3068  ============================================================
20:48:14.0294 3068  Scan finished
20:48:14.0294 3068  ============================================================
20:48:14.0313 3056  Detected object count: 0
20:48:14.0313 3056  Actual detected object count: 0
20:48:37.0422 3540  Deinitialize success

cosinus 13.03.2013 21:06
Unauffällig

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

Ooyo00 13.03.2013 22:20
JRT
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Ultimate x64
Ran by Odion on 13.03.2013 at 21:53:19,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Odion\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2013 at 22:00:52,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner

AdwCleaner Logfile:
Code:
# AdwCleaner v2.114 - Datei am 13/03/2013 um 22:03:15 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzer : Odion - ODION-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Odion\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v25.0.1364.152

Datei : C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [698 octets] - [13/03/2013 22:03:15]

########## EOF - C:\AdwCleaner[S1].txt - [757 octets] ##########
--- --- ---


[/CODE]

OTL

OTL Logfile:
Code:
OTL logfile created on: 13.03.2013 22:09:01 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Odion\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 58,67% Memory free
7,99 Gb Paging File | 6,17 Gb Available in Paging File | 77,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,32 Gb Total Space | 211,86 Gb Free Space | 73,48% Space Free | Partition Type: NTFS
 
Computer Name: ODION-PC | User Name: Odion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Odion\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
PRC - C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll ()
MOD - C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\libglesv2.dll ()
MOD - C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\libegl.dll ()
MOD - C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\Utility.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\Image.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (EslWireHelper) -- C:\Programme\EslWire\service\WireHelperSvc.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TASCAM_US122144) -- C:\Windows\SysNative\drivers\tascusb2.sys (TASCAM)
DRV:64bit: - (TASCAM_US144_MK2_WDM) -- C:\Windows\SysNative\drivers\tscusb2a.sys (TASCAM)
DRV:64bit: - (TASCAM_US144_MK2_MIDI) -- C:\Windows\SysNative\drivers\tscusb2m.sys (TASCAM)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA DE 6C C4 78 20 CD 01  [binary data]
IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Odion\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Odion\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - Extension: YouTube = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google-Suche = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: ProxMate - unblock the Internet! = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.2.4_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Odion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Program Files (x86)\PLFSetI.exe File not found
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-704985652-1112965975-1733866788-1001..\Run: [Akamai NetSession Interface] C:\Users\Odion\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-704985652-1112965975-1733866788-1001..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Odion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-704985652-1112965975-1733866788-1001\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129D832F-611B-4C09-AFF2-189DA02FBA23}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F836FCEB-46C2-45AE-8ACA-F6B3A018AC99}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.13 21:53:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.13 21:51:44 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.13 21:50:44 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Odion\Desktop\JRT.exe
[2013.03.13 20:44:28 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Odion\Desktop\tdsskiller.exe
[2013.03.13 20:25:59 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Odion\Desktop\aswMBR.exe
[2013.03.13 20:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.13 20:12:26 | 000,000,000 | ---D | C] -- C:\Users\Odion\Desktop\mbar
[2013.03.13 01:19:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 01:19:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 01:19:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 01:19:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 01:19:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 01:19:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 01:19:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 01:19:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 01:19:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 01:19:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 01:19:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 01:19:00 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 01:18:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.13 01:18:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 01:18:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.11 21:20:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe
[2013.03.03 18:49:41 | 000,000,000 | ---D | C] -- C:\Users\Odion\AppData\Roaming\Sony Creative Software Inc
[2013.02.15 02:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.15 02:27:14 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.15 02:27:14 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.15 02:27:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.15 02:27:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.15 02:27:00 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.13 11:17:38 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 11:17:36 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 11:17:36 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 11:17:25 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.13 11:17:25 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.13 11:17:25 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.13 11:17:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 11:17:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.13 11:17:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.13 11:17:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 11:17:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 11:17:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 11:17:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.13 11:17:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 11:17:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.13 11:17:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 11:17:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 11:17:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 11:17:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 11:17:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 11:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 11:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 11:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 11:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 11:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 11:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 11:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 11:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 11:17:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 11:17:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 11:17:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 11:17:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 11:17:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 11:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 11:17:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 11:17:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 11:17:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 11:17:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 11:17:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 11:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 11:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 11:17:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 11:17:13 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.12 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.12 14:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.13 22:12:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-704985652-1112965975-1733866788-1001UA.job
[2013.03.13 22:10:17 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 22:10:17 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 22:05:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 22:04:57 | 3217,170,432 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 22:01:45 | 000,597,667 | ---- | M] () -- C:\Users\Odion\Desktop\adwcleaner.exe
[2013.03.13 21:51:07 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Odion\Desktop\JRT.exe
[2013.03.13 20:44:31 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Odion\Desktop\tdsskiller.exe
[2013.03.13 20:43:12 | 000,000,512 | ---- | M] () -- C:\Users\Odion\Desktop\MBR.dat
[2013.03.13 20:27:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Odion\Desktop\aswMBR.exe
[2013.03.13 10:37:02 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.13 10:37:02 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.13 10:37:02 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.13 10:37:02 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.13 10:37:02 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.13 10:32:40 | 000,094,672 | ---- | M] () -- C:\Users\Odion\Desktop\We Are Turkish Airlines Ad Song.mp3.sfk
[2013.03.13 10:32:36 | 002,072,558 | ---- | M] () -- C:\Users\Odion\Desktop\Turkish Airline Song.mp3
[2013.03.12 23:12:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-704985652-1112965975-1733866788-1001Core.job
[2013.03.12 19:48:45 | 000,034,232 | ---- | M] () -- C:\Users\Odion\Desktop\neuewackmcgenerationprodbycalmmind (1).sfk
[2013.03.12 19:48:19 | 004,373,160 | ---- | M] () -- C:\Users\Odion\Desktop\neuewackmcgenerationprodbycalmmind (1).wav
[2013.03.11 21:47:22 | 460,295,448 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.11 21:34:27 | 000,377,856 | ---- | M] () -- C:\Users\Odion\Desktop\gmer_2.1.19155.exe
[2013.03.11 21:20:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Odion\Desktop\OTL.exe
[2013.03.11 21:19:32 | 000,000,000 | ---- | M] () -- C:\Users\Odion\defogger_reenable
[2013.03.11 21:18:07 | 000,050,477 | ---- | M] () -- C:\Users\Odion\Desktop\Defogger.exe
[2013.03.06 11:15:05 | 000,002,364 | ---- | M] () -- C:\Users\Odion\Desktop\Google Chrome.lnk
[2013.03.04 16:35:30 | 1244,171,973 | ---- | M] () -- C:\Users\Odion\Desktop\Lulul.rar
[2013.03.04 16:16:07 | 000,013,824 | ---- | M] () -- C:\Users\Odion\Documents\Okay.veg
[2013.02.28 22:27:48 | 003,487,768 | ---- | M] () -- C:\Users\Odion\Desktop\JBB.mp3
[2013.02.25 18:47:52 | 000,015,096 | ---- | M] () -- C:\Users\Odion\Documents\HS.veg
[2013.02.20 15:32:18 | 017,621,248 | ---- | M] () -- C:\Users\Odion\Desktop\Turkish Airline Song.wav
[2013.02.17 18:45:31 | 122,393,698 | ---- | M] () -- C:\Users\Odion\Documents\niiice.mp4
[2013.02.15 02:26:43 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.15 02:26:35 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.15 02:26:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.15 02:26:34 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.15 02:26:33 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.15 02:26:33 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.14 12:18:28 | 000,313,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 02:45:42 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.12 14:24:18 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.13 22:01:43 | 000,597,667 | ---- | C] () -- C:\Users\Odion\Desktop\adwcleaner.exe
[2013.03.13 20:43:12 | 000,000,512 | ---- | C] () -- C:\Users\Odion\Desktop\MBR.dat
[2013.03.13 10:32:34 | 002,072,558 | ---- | C] () -- C:\Users\Odion\Desktop\Turkish Airline Song.mp3
[2013.03.13 10:32:02 | 000,094,672 | ---- | C] () -- C:\Users\Odion\Desktop\We Are Turkish Airlines Ad Song.mp3.sfk
[2013.03.12 19:37:49 | 000,034,232 | ---- | C] () -- C:\Users\Odion\Desktop\neuewackmcgenerationprodbycalmmind (1).sfk
[2013.03.12 19:37:37 | 004,373,160 | ---- | C] () -- C:\Users\Odion\Desktop\neuewackmcgenerationprodbycalmmind (1).wav
[2013.03.11 21:34:26 | 000,377,856 | ---- | C] () -- C:\Users\Odion\Desktop\gmer_2.1.19155.exe
[2013.03.11 21:19:32 | 000,000,000 | ---- | C] () -- C:\Users\Odion\defogger_reenable
[2013.03.11 21:18:06 | 000,050,477 | ---- | C] () -- C:\Users\Odion\Desktop\Defogger.exe
[2013.03.04 16:29:47 | 1244,171,973 | ---- | C] () -- C:\Users\Odion\Desktop\Lulul.rar
[2013.03.04 16:16:07 | 000,013,824 | ---- | C] () -- C:\Users\Odion\Documents\Okay.veg
[2013.02.28 22:10:28 | 003,487,768 | ---- | C] () -- C:\Users\Odion\Desktop\JBB.mp3
[2013.02.25 18:47:52 | 000,015,096 | ---- | C] () -- C:\Users\Odion\Documents\HS.veg
[2013.02.20 15:32:16 | 017,621,248 | ---- | C] () -- C:\Users\Odion\Desktop\Turkish Airline Song.wav
[2013.02.17 18:27:38 | 122,393,698 | ---- | C] () -- C:\Users\Odion\Documents\niiice.mp4
[2012.05.31 13:44:20 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
--- --- ---


[/CODE]

und das Extrafile

OTL Logfile:
Code:
OTL Extras logfile created on: 13.03.2013 22:09:01 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Odion\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 58,67% Memory free
7,99 Gb Paging File | 6,17 Gb Available in Paging File | 77,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,32 Gb Total Space | 211,86 Gb Free Space | 73,48% Space Free | Partition Type: NTFS
 
Computer Name: ODION-PC | User Name: Odion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D76EE9-A5E8-427F-9606-1CC52B99E852}" = rport=138 | protocol=17 | dir=out | app=system |
"{02B784D5-0C66-4CF7-9358-ED600A309735}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{088EFE32-B0C4-4C27-9905-C1B1A7DAB2DC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0DF1AAB6-4A83-4CFD-B93E-9E23AB20768D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10EE3223-6102-4F13-8C3E-5B33792FA9BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13E77085-AD60-42A9-9E3E-824A1A092A3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{14E98A35-DD06-4BCB-B987-3B373F947AB0}" = lport=139 | protocol=6 | dir=in | app=system |
"{194508BE-5954-4ED4-A1F7-22D5F5F4BD77}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{64C98732-A5B7-411C-937E-0CE9F49DFF99}" = rport=139 | protocol=6 | dir=out | app=system |
"{690C87EE-F09D-48EA-AF75-EEFF9E1E0453}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6EFE13F2-F3D9-4F51-A745-1CCAB1FA081A}" = lport=445 | protocol=6 | dir=in | app=system |
"{72F57342-66BA-405E-8ABA-A495C706D3C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74B5A420-E3A2-4F1B-ABE8-B4DFB4F49B13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79F37989-9B6B-482C-96CE-91EA26988B8F}" = lport=138 | protocol=17 | dir=in | app=system |
"{7D24AFBC-C7B4-42A0-98F6-170A744A4F12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82D5A951-1A34-4BDB-AB50-209FA7AB5607}" = lport=137 | protocol=17 | dir=in | app=system |
"{901EB14E-5DC2-4A61-9619-D419BF435A3C}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A13E267-9A89-433B-B0CA-2F8AC3241EC2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9FD52368-EC56-4ACF-9E21-17A087FCFA64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6D8C6B5-BA04-4A07-8E9D-7B23414A694A}" = rport=137 | protocol=17 | dir=out | app=system |
"{DB48DA1C-A2FD-43BA-940E-3535157FF6BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5D83B5C-FBB3-4D10-B2C2-B2E5EC90A746}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00589857-9A74-464E-B7D5-9958DB83CAFF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{060865CE-9EE7-4B30-8DF0-181AFB93F946}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{0DA4C8CC-DB2F-4440-8A16-9E6C6A7CE92A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{12BA1064-66CB-4F7C-800C-48E51E6B0561}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{1360506E-CE93-4F1E-8D75-FB927A1E832B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{16C555F0-6BF9-482C-9D89-92782E14A081}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{199453F8-0064-456F-8C3B-C5F5BAA27767}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{22BDBF0C-C34E-4D2D-A8CF-D366CBC5C3E6}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{264BA0E4-9A39-4612-8EE1-8FF0BDF2472D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31A31B02-3C60-4F08-A519-914BE58EAC8F}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{3C19A017-5D2E-4BEA-A253-30D060095618}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44B1A2BE-5FB9-4D27-95FB-AFD95234C763}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{45EBFF91-CF77-4BE2-A150-E75A3BAF7A99}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{4AAF8D5B-EFA5-4389-9121-E829917239A1}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{4AB8D6EC-1A67-4DD8-8C9E-373907D5FAC8}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{4ABB5E93-5FED-455E-AFDB-3D1B95843AF0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4FE19CC3-6105-4169-BFA7-D5799760410C}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{51FD3C44-5447-4CAE-8531-70897581FD20}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6133DA1D-E1D3-4992-8225-C9310CDA6F97}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6205FAB8-A38A-4654-9F7A-8D6A08A0EE40}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{64725DBC-B47C-430A-B8A3-02B91AD26648}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67D8651E-E4F5-44A0-861D-E52707AC197F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B32C291-122E-456C-B873-CAEFF952D057}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C0422CE-44B7-4F45-8374-DB06B8F03092}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7C1D4351-C786-4176-8FCA-FC53DCEE0615}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84F71C2B-15EA-48B2-BBAA-0186C7637534}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AB64104-98E8-4F17-9098-23B69950A474}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A44FA021-3C56-4710-A27B-92BBC2BC76D5}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{AEDAA44B-BA54-48A5-9E0E-98D55286F098}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B82775D7-42AD-4579-BD0B-89510266C4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{CA007730-0867-4642-9723-351310A58129}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{CB4EA792-52CA-4DC9-A642-B3B432BC35C3}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{CCD0F669-77AE-4FFB-AE29-60B44E62BE64}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{D44C4487-0634-44CC-9F09-503B77B84D65}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{DA8AACD1-9DCE-4153-8DD9-EE9A0A634DDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DAFCAEB4-F1C8-434D-8780-EBFBF7FD7EA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB9CBB95-7BA6-4DF3-AB12-A83471ECCA6E}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{F524B257-3039-4FE2-B433-9D3F038B2B27}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{FB8B6D3B-1E06-4C90-A470-A32C1CB25E02}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FF893876-6E01-4E45-A8B8-0DB16B4FE711}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"TCP Query User{3BB936CC-4A4A-476E-9C7E-0697088FE059}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
"TCP Query User{55F6D8FE-00AB-40AA-86A4-5EC1E1C2A14B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{5EECA2A0-F33A-4C9B-9560-FF16F2BEF846}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{BD306950-B0CD-44CD-8223-B5C1B123FCC3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{EAB878AC-22BC-4DF5-9BED-827E23442A6D}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F18733E5-9A22-4A5A-898A-F33D9385B723}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{1695D144-8033-4007-80ED-BBBE520B768E}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{62360048-92D5-43E0-89F1-2523B74E5719}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{6A250440-BB5E-4143-9D9D-E87A59222EA7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{6EDCB93D-8F5D-4567-85C3-BD7F14ECE4B9}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{73FEB0E5-7888-4FA9-83EF-84581A907E9B}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E8FD18F7-C66F-4DBB-8F93-686BC5C58536}C:\users\odion\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\odion\appdata\local\akamai\netsession_win.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0102A21-5ED9-11E1-958C-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D4761C4F-5ED9-11E1-9202-F04DA23A5C58}" = MSVCRT Redists
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.14.2
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.4.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1F24C5-03E3-4DAA-B935-E7C971003F0E}" = Aeria Ignite
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}" = ACID Pro 7.0
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.11.2111" = Aeria Ignite
"Audacity_is1" = Audacity 2.0
"EdenEternal-DE" = EdenEternal-DE
"Elsword_DE_is1" = Elsword_DE
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1201
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LostSagaEU" = Lost Saga EU
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-704985652-1112965975-1733866788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
 
< End of report >
--- --- ---


[/CODE]

cosinus 14.03.2013 14:12
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Ooyo00 14.03.2013 21:41
Super!

mbam
Code:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.14.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Odion :: ODION-PC [Administrator]

Schutz: Aktiviert

14.03.2013 18:19:51
mbam-log-2013-03-14 (18-19-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204552
Laufzeit: 2 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
und eset

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2879b626bd990948933b377a2a5676f0
# engine=13389
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-14 06:40:42
# local_time=2013-03-14 07:40:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 24911981 115692113 0 0
# scanned=158238
# found=0
# cleaned=0
# scan_time=4366

cosinus 15.03.2013 01:08
Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Ooyo00 15.03.2013 17:49
Nein, alles gut!
Vielen, vielen Dank fürs Durchchecken und Auswerten der Logs!

Gibt es beim Aufräumen noch Etwas, das ich beachten muss? Oder lässt sich Alles ganz normal manuell löschen?

cosinus 15.03.2013 19:44
Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131